Malicious JS Could Alter DNS Settings on Routers

I just found out the following news :

Malicious JavaScript placed on web sites could be used to change DNS settings on home routers that are still using default passwords. Once the change has been made, the next time the router is rebooted, the user would be redirected to spoofed, possibly malicious web sites. Research indicates than about half of router owners have not changed the password from the default.

You can find the technical details at Symantec's site.