Don't think so. The management interfaces are only exposed on the local network. If you could hack into my local network some other way (e.g. through Apache), you could probably attack the web interface on the router; but in fact no local network services are exposed to the internet.
It's a device that's directly exposed on the public Internet. Anyone in the world can send any package they want to it. It's not that uncommon for people to find bad bugs in network protocol stacks. An attacker wouldn't have to go through a web interface.
There are a multitude of ways to trick consumer routers into letting an external request log into the web interface. That's also ignoring the multitude of ways to botnet them without using the web portal, as manufacturers suck at their job and often ship known exploited libraries and utilities. Some have had genuine back doors even.
