Concerned users should probably put a decent strong password into their routers first and foremost. While good old Internet Explorer / Iframes have played their part here, a weakly protected router is an easy target for all manner of possible attacks. Most routers have an http login page, so they're just another regular resource to be used on the local network, and the IP address is going to be 192.168.0.1 most of the time, so it's not exactly hard to guess.
The problem lies fair and square with the router manufacturer, though. They should not allow such easy access out of the box, and the great majority of consumers won't have a clue about the risk. They certainly won't be reading The Register and tampering with browser plugins as a safety measure.