I personally put ALL consumer routers in that category
And run DD-WRT my wireless router, and while I can't use third party firmware on my DSL modem it is in bridge mode.
I don't trust Netgear or Asus or any of the rest of them any more than I trust Dlink. They've all had too many of these simple "hardcoded password" type flaws to be trusted. At least if DD-WRT (or OpenWRT, if you prefer it) don't have these elementary mistakes, and when something more basic (like an SSH exploit is discovered which affects it) they are quick to respond or you can mitigate it in other ways since you have much more control over it - even to the point you could compile your own binary and replace the running SSH daemon with it if you had no other choice.