Can I protect my router from a Mirai Worm and how do I know if I'm vulnerable?

Like your quote says: change the password. It would be much harder to fix if Mirai used 'actual' vulnerabilities (software bugs i.e. memory corruption). Then you'd have to hope there's an update available and apply that. But it seems like it's only taking advantage of people who leave their devices with the proverbial 'changeme' as password.


This may be useful, though it's a little specific to netgear (DG834 etc): https://wiki.openwrt.org/toh/netgear/telnet.console#using_the_netgear_router_console

Some info gleaned from DEFCON 2014, after my netgear was hacked a few weeks back.

The problem is not the password per se, but the backdoor that was implemented for telnet. Not all implementations use nvram to allow that particular fix, but then not all implementations have a stupid back door. Except of course that ISP-supplied routers are notoriously vulnerable to anything going, and sometimes prevent the user from correcting the situation. Get a new box.

For Heaven's sake, at least change the default password! (Good Grief)

My first step would be to (export the settings and) update to the latest firmware. Or else consider one of the many open-source firmware such as dd-wrt, openwrt, pfsense etc etc, which are linux- or BSD-based.

Change the password at the very least, but change the "admin" account too. On the old netgear, there isn't a GUI for this, but you may edit the admin account-name in exported settings before re-importing, or indeed use telnet via busybox (but beware using special characters such as > ).

Some people advise changing the default IP 192.168.0.1 to something else; clearly this means you need to reconnect to your main box by setting the new router IP there, too.

Also turn off the router's UPnP, which inhibits any DNS rebinding attack, and to be extra sure restrict ISP addresses to the block range used by the ISP, using ipconfig (in the router). You may also restrict ports to those you know you will need, but it becomes more onerous to maintain, and will be puzzling if something does not work because it needs a port you have disallowed.

It helps to respond to outside pings with a 'drop' as default action, so you are a little more stealthy (dial-in becomes more complicated).

Finally, test with something like https://www.grc.com/shieldsup

I hope that helps.
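The answer above is a checklist (drop unsolicited WAN traffic, don't answer pings, only open the ports you need) and mentions OpenWrt as a replacement firmware. As an added example that is not part of the original answer, here is a small Python audit that reads an OpenWrt-style `/etc/config/firewall` file and reports where it falls short of that checklist. The two config fragments are constructed for the example, the WAN zone is assumed to be named `wan`, and the empty `ALLOWED_WAN_PORTS` set is an assumption meaning "nothing should be reachable from outside"; add the ports you deliberately expose.

```python
import re

# Ports you genuinely need reachable from the WAN. Assumption for this
# example: none. Add e.g. '443' if you deliberately expose a service.
ALLOWED_WAN_PORTS = set()

# Constructed sample resembling a stock OpenWrt firewall file, plus one rule
# an operator should not have: telnet accepted from the WAN.
SAMPLE_CONFIG = """
config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option target 'ACCEPT'

config rule
    option name 'Allow-Telnet-WAN'
    option src 'wan'
    option proto 'tcp'
    option dest_port '23'
    option target 'ACCEPT'
"""

# Constructed sample of the same file after applying the checklist:
# WAN input dropped (not rejected), pings dropped, no inbound ports.
HARDENED_CONFIG = """
config defaults
    option input 'DROP'
    option output 'ACCEPT'
    option forward 'DROP'

config zone
    option name 'wan'
    list network 'wan'
    option input 'DROP'
    option output 'ACCEPT'
    option forward 'DROP'
    option masq '1'

config rule
    option name 'Drop-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option target 'DROP'
"""

SECTION_RE = re.compile(r"config\s+(\S+)(?:\s+'?([^']*)'?)?$")
ENTRY_RE = re.compile(r"(option|list)\s+(\S+)\s+(?:'([^']*)'|(\S+))$")


def parse_uci(text):
    """Parse UCI text into a list of (section_type, {key: value}) tuples.
    'list' entries become Python lists; 'option' entries become strings."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1), {})
            sections.append(current)
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            kind, key = m.group(1), m.group(2)
            value = m.group(3) if m.group(3) is not None else m.group(4)
            if kind == 'list':
                current[1].setdefault(key, []).append(value)
            else:
                current[1][key] = value
    return sections


def audit(text, allowed_ports=ALLOWED_WAN_PORTS):
    """Return a list of findings; an empty list means the checklist passes."""
    findings = []
    for stype, o in parse_uci(text):
        # Checklist item: unsolicited WAN traffic should be dropped silently.
        if stype == 'zone' and o.get('name') == 'wan' and o.get('input') != 'DROP':
            findings.append("wan zone input is %s, not DROP: unsolicited packets get a reply"
                            % o.get('input'))
        # Checklist items: no ping replies, no inbound ports beyond what you need.
        if stype == 'rule' and o.get('src') == 'wan' and o.get('target') == 'ACCEPT':
            if o.get('proto') == 'icmp' and o.get('icmp_type') == 'echo-request':
                findings.append("rule %s answers pings from the WAN" % o.get('name'))
            for port in o.get('dest_port', '').split():
                if port not in allowed_ports:
                    findings.append("rule %s accepts WAN traffic to port %s"
                                    % (o.get('name'), port))
        # Port forwards (including ones UPnP may have created) expose ports too.
        if stype == 'redirect' and o.get('src') == 'wan':
            for port in o.get('src_dport', '').split():
                if port not in allowed_ports:
                    findings.append("port forward %s exposes WAN port %s"
                                    % (o.get('name'), port))
    return findings


if __name__ == '__main__':
    for label, cfg in (('sample', SAMPLE_CONFIG), ('hardened', HARDENED_CONFIG)):
        print(label + ':', audit(cfg) or ['checklist passes'])
```

Run it against a copy of the router's firewall file (`scp root@192.168.1.1:/etc/config/firewall .` on OpenWrt, then `audit(open('firewall').read())`); a clean result means the WAN side answers nothing you did not ask for, and the ShieldsUp scan mentioned above is the matching check from the outside.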