Researchers have discovered a backdoor in some TP-Link routers that has the router download and execute a file when a specific URL is called.
Source: http://www.h-online.com/security/news/item/Treacherous-backdoor-found-in-TPLink-routers-1822720.html