Yeah, security in embedded device firmwares is a sad joke, someone on this forum posted that someone hacked his router and flashed OpenWrt on it. His router was on the list of unpatched remote-exploits so someone could have done this over the internet, no problem.