A zero-day vulnerability has been discovered in popular Cisco Linksys routers that allows hackers to gain remote root access.
The hole affects default installations of Linksys routers and is demonstrated in a proof of concept video.
A zero day attack is one which exploits a previously unknown vulnerability.
An exploit was successfully tested against a Linksys model WRT54GL router by researchers at security firm DefenseCode who said other models "are probably also affected".
Cisco says it has sold more than 70 million Linksys routers globally.
The company said all firmware versions are vulnerable, and claimed Cisco incorrectly stated the hole was fixed in its latest firmware release.
"Due to the severity of this vulnerability, once again we would like to urge Cisco to fix this vulnerability," it said in a statement.
A patch is due out this week, days ahead of DefenseCode's scheduled release of the full vulnerability details.
Cisco did not immediately return a request for comment.