Hi, if upgrading the firmware is really not an option for you, you should at least ensure that your router interface is never accessible from the outside (the net). Otherwise an attacker can really easily download the snapshot of your router's memory, and after decryption it shows your admin password.
I've also seen suggestions to forward your port 80 (from outside) to some non-existent IP as a prevention of this attack. I guess this is for routers where you are unable to ensure it's not accessible from WAN.