This is an absolutely fascinating article about finding security holes and working up an exploit to allow you to remotely take control of a router and own it.
Article giving details of analysing security holes in TP-LINK kit
Fixing the bugs doesn't make any difference. The fact that such shocking stuff was even possible shows that this company has no clue at all. I had some TP-link WAPs, but I haven't used them in a while. If I can't manage to secure them, then they are going in the bin.
I wonder now about the ZyXEL WAPs that I am using.