There are two possibilities: either the router has been hacked to direct DNS queries to a malicious server, or it's using the right DNS servers, but those servers have been hacked. The first possibility is more likely.
Follow the manufacturer's instructions to reset the router to the default state. Usually that involves inserting the end of a straightened paper clip or a similar tool into a pinhole somewhere in the back of the device, and pressing a switch inside for about 15 seconds. The pinhole may be marked "RESET."
Repeat the initial setup process. Make sure the router does not allow remote setup from the Internet (WAN port), if it has that feature—most do. The DNS servers should be set automatically by your ISP. If you still have trouble with those servers selected, contact your ISP.
Another option, if your ISP fails to secure its servers promptly, is to use an alternative DNS service such as Google DNS or OpenDNS. I don't recommend either one. Don't believe the marketing hype about OpenDNS, in particular. There are no advantages to using it if your ISP is delivering the service you pay for.
If you have a wireless network, it must be secured with WPA 2 encryption. The passwords for the network and the router must each be a string of at least 10 random upper- and lower-case letters and digits, and they should be different. Any password that you can remember is weak.