Security researcher Michal Sajdak revealed at CONFidence 2009 in Krakow in mid-May that it s relatively easy to make the Linksys WAG54G2 WLAN DSL router execute arbitrary shell commands. To test this, all you need is a proxy that can modify the POST request before it’s sent. The manufacturer, Cisco, has acknowledged the error in March and his message was acknowledged, but he has received no report of a fix as yet.
Source: https://threatpost.com/dsl-router-remotely-controlled-url-052909/72748/