A vulnerability was reported on the GNUCitizen blog yesterday affecting the BT HomeHub which would allow a malicious attacker to get control over the HomeHub of a user by asking them to visit a specially crafted web site. Once the victim had done so, they could gain control over the router.
The vulnerability appears to be related to the specially crafted website submitting an HTTP request to the HomeHub to change settings which then allow the attacker to gain control over the device and make further changes although the details don't appear on the blog entry. The authors suggest that this could affect other Thomson products, in particular the SpeedTouch 7G in particular which is essentially the same router.
According to TheRegister, BT are investigating the matter.
Update 13/10/07: Following confirmation from the authors of the blog, they have confirmed that the bug affects all HomeHub routers and doesn't rely on the user setting a password. The bug works by activating remote assistance on the victim's router which then allows the attacker to gain control including stealing WEP keys, etc.