Regarding the DNS hijack,
Hard reset the router (by pressing the dedicated "reset" button) and after it finishes clearing out the setting, the DNS should go back to the default one, or if this is too drastic you can just change the DNS in the router's setting to OpenDNS (recommended), Google DNS, etc,...
Regarding the vulnerability,
Find the router's model on the manufacturer's website and download and install the latest firmware update for the router.