I don't think there is any way to hack a standard NAT router.

Unless you have open ports. These will be quickly discovered with a sniffer and the port will then be hit with a dictionary attack. At work we get this constantly (all day).

Most Draytek routers have port 443 open - even if you disable remote admin. This is a bug. You should port forward all port 443 traffic to an internal IP on which no computer is connected... otherwise all those packets will be sent to your computer which should reject them but it may not if you have an unpatched copy of windoze (which is how many attacks have been done).