This doesn't look like an XRSF flaw to me, unless this html is supposed to be inserted via some XRSF flaw, in which case you've given us a payload with no vulnerability details and no PoC exploit. Looks like someone from the DD-WRT team has also commented, denying that this is actually a vulnerability. If you have more details, please do post them.
