I have a TP-LINK router whose DNS was changed on Sat 15th March. My ISP is PlusNet (UK). I've been trying to work out where the hack happened.
On 14th and 15th I used the box as a network extender (not WAP connected) at an office to instruct a group of people about XP end-of-support.
All I can think is that one of the clients that connected to the subnet was infected which had a knock-on affect with my router. I have tried to ascertain which client was responsible but haven't foud out which. So this is a mystery to me.

What's the modem number and hardware & firmware of your product?
If it is not the latest one firmware, I think you can go to http://www.tp-link.com/en/ to download the latest one.
As I know, TP-LINK has fixed the problem in the latest firmware of most of TPLINK product.

Wish this can help :)

Coincidentally, on march 10th March, my TD–W8961ND had it's LAN DNS addresses changed (hacked).

Symptoms are the same as others report: Flash update prompts. I also got SSL warnings from Facebook, YouTube and Goole sites.

I reset the routers DNS addresses and updated the firmware, but two days later the same thing happened.

I had the same issue as RichieRoo. Was blocked from Google while Facebook and Youtube both sent me to Flash update pages for the fake Flash Pro program. Reset the Router, ran a complete virus, malware and rootkit scan and even had a the local repair shop check my system, so my machine is now cleaner than when it came from the factory...however the issue kept returning at one week intervals.

I've now also reset my browser completely and removed all my old restore points and set up new ones. That seems to have cleared the issue for the moment.

Same problem on TD-W8901G V3. They should fix this old hardware or not!

Same problem:
Region : Italy
Model : TD-W8901G
Hardware Version : V3
Firmware Version : 3.0.1 Build 100901 Rel.23594
ISP : Infostrada

DNS regularly change, also resetting the Router

Hi all!
I have same problem with DNS at my TD-W8961ND v3 yesterday (7 may).
Facebook and Youtube both sent me to Flash update pages for the fake Flash Pro program.
I had connected to the router a desktop with linux installed and a mobile phone with android only.
Are any people, who know how dns adress has changed? And how prevent this?

Same Problem Here

Region : Italy
Model : TD-W8901G
Hardware Version : V3.1

Need a Fix for this is a big security issue

Hi,
I am experiencing the very same problem with my router:

Region : Italy
Model : TD-W8901G
Hardware Version : V3
Firmware Version : 3.0.0 Build 100223 Rel.23059
ISP : Infostrada

I have contacted the TP-Link customer support and the representative told me that since my model is no longer in production they do not plan to publish a new release of the firmware with this issue solved.

This issue is known and TP-Link should publish a security announcement on it:

http://cxsecurity.com/issue/WLB-2012100027

This silence is quite embarrassing.

If not solved I will throw in the garbage my modem and never buy TP-Link anymore! Sorry TP-Link I used to love you but with security you cannot beat the bush around!

I am also experiencing the this annoying problem with my router.

Region: Brazil
Model: TD-8816
Hardware Version: V6
Firmware Version: 6.0.0 Build 100906 Rel.43560
ISP: Oi (Velox)

In the begining, I thought that there was a virus on my computer and I tried do use all sorts of anti-virus software.

Then I discovered that my DNS server is being changed to 23.253.94.129 and 128.199.225.64.

I reseted the modem and changed its password a couple of times but the problems came back again and again.

On US TP-Link website there is a new firmware version that is intended to fix this vulnerability (TD-8816_V8_140311) only for the model version 8...But since mine is V6, it's no good for me.

My ISP provided me another modem from a generic brand, but since I've always been a TP-Link fan I choosed to use my own TP-Link modem.
If TP-Link didn't fix this ASAP then I will throw it on garbage too...And this will be the end of my admiration for the brand.