This news is a few days old but I wanted to give folks a heads up in case they are unaware:
Don't be alarmed. The fix is quick and easy. You can add a short firewall rule until you update the firmware later.
http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd...
Most of us have Remote HTTPD Admin turned off (default). This blocks the malicious commands that go directly to our router. However there is an alternative attack that requires you to visit a malicious link in any common web browser (from here, your browser actually sends the commands to your router locally).
If you already use Firefox with NoScript, you're already protected:
hey .. thnx 4 the info ..I was not aware of it ... though I use firefox most of the times ... it z a useful info ....