In early January in 2014 Eloi Vanderbeken in blog (https://github.com/elvanderb) reported that vulnerability was found in Linksys and Netgear routers that gave full access to the device, including the root- shell.
The backdoor was not fixed in this post- update, but it was masked. And if before it was activated when the system started up, but now in order to activate it the ethernet- package of special type is needed to be send.
So now it can be used only if you are an Internet Service Provider or in the same local network with a router. Among new function of the backdoor is possibility of flashing LEDs.