Just been looking at the exploit code for this and thought it was worth pointing out that (in the default configuration) routers running vulnerable firmware are only available from inside
That is to say that it is only vulnerable from the private interface, and not the public one. The exploit needs to be directed at the router's web management interface, which typically wouldn't be exposed to the public.
That doesn't mean that it isn't an issue though. An attacker could set up some sort of cross-site request forgery attack (a maliciously crafted media file for example) that triggers in the victim's browser, runs the exploit against the router's management interface, and then returns the root shell to the attacker.
Found an interesting little video (you'll need to blow it up to full screen) that shows the proof of concept attack.
By the way, all of this information is public domain - I present it here for the interest of those people that I know are interested in these things. Hopefully if more people are educated about how these things work we might see fewer people affected in the future.
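From the defender's side, the cross-site path described above leaves a recognisable trace: a request to the router's private management address whose Referer is a page on a public site. The following is an added example, not code from the original post or from any exploit; the record layout, the `router.lan` name and all sample values are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample records: (client IP, requested URL, Referer header).
# Paths and hostnames are made up for illustration.
SAMPLE_REQUESTS = [
    ("192.168.1.20", "http://192.168.1.1/admin/apply", "http://media.example.net/clip.html"),
    ("192.168.1.20", "http://192.168.1.1/admin/index", "http://192.168.1.1/admin/status"),
    ("192.168.1.20", "http://192.168.1.1/", ""),
    ("192.168.1.21", "http://www.example.org/news", "http://search.example.com/?q=news"),
    ("192.168.1.22", "http://router.lan/admin/apply", "http://ads.example.net/banner"),
]

# Assumption: local DNS names that resolve to the router's private interface.
LOCAL_NAMES = ("router.lan",)


def is_internal_host(host, local_names=LOCAL_NAMES):
    """True for private, loopback or link-local IP literals and known local names."""
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: fall back to the list of known local names.
        return host.lower() in local_names
    return ip.is_private or ip.is_loopback or ip.is_link_local


def flag_cross_site_to_internal(records):
    """Return (client, referring host, url) for requests that a page on a
    public origin caused a browser to send to an internal host."""
    hits = []
    for client, url, referer in records:
        target = urlsplit(url).hostname
        source = urlsplit(referer).hostname if referer else None
        if is_internal_host(target) and source and not is_internal_host(source):
            hits.append((client, source, url))
    return hits


if __name__ == "__main__":
    for client, source, url in flag_cross_site_to_internal(SAMPLE_REQUESTS):
        print(f"{client}: page on {source} triggered request to {url}")
```

A request with no Referer is not flagged here, so treat a hit as one signal rather than complete coverage.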