A new vulnerability called Joel’s Backdoor has been found in D-Link routers that allows unauthenticated users to gain access to administrator functions. A terrific write-up of the discovery of this vulnerability can be found here.
The vulnerability appears to affect the following D-Link routers
Additionally, several Planex routers also appear to use the same firmware:
The backdoor is activated by setting your browser’s User-Agent string to xmlset_roodkcableoj28840ybtide. Why something so strange-looking? Read it backwards. Seems like Joel was probably doing some testing of the firmware and didn’t feel like logging in each time, so he put this in. And then probably forgot to take it out. We’ll give him the benefit of the doubt.
Anyway, people who have this router have been acknowledging that yes, it does indeed work.
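Because the trigger is a fixed User-Agent value, requests that use it stand out in HTTP logs. The Python below is an added example, not code from the original write-up or from D-Link: it scans access-log lines for that value and groups the matches by source address. It assumes the requests are recorded in Combined Log Format (for instance by a proxy or network sensor in front of the router); the sample lines, IP addresses and paths are constructed.

```python
import re
from collections import defaultdict

# User-Agent value the post names as the backdoor trigger (all lowercase).
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Assumed input: Combined Log Format, e.g. from a proxy or sensor in front of the router.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"\s*$'
)

# Constructed sample lines (documentation IP ranges, made-up paths), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:09:12:01 +0000] "GET /example/index HTTP/1.1" 401 512 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.7 - - [01/Jan/2024:09:13:44 +0000] "GET /example/admin HTTP/1.1" 200 2048 "-" "xmlset_roodkcableoj28840ybtide"
198.51.100.7 - - [01/Jan/2024:09:13:50 +0000] "POST /example/apply HTTP/1.1" 200 128 "-" "xmlset_roodkcableoj28840ybtide"
203.0.113.5 - - [01/Jan/2024:09:20:02 +0000] "GET / HTTP/1.1" 403 0 "-" " XMLSET_roodkcableoj28840ybtide "
malformed line that does not parse
"""

def find_backdoor_requests(log_text):
    """Return (hits, unparsed): hits maps source IP -> list of matching requests."""
    hits, unparsed = defaultdict(list), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed.append(lineno)  # keep for manual review instead of dropping silently
            continue
        # Case-insensitive substring match: looser than exact equality on purpose,
        # so padded or re-cased variants of the string are surfaced too.
        if BACKDOOR_UA in m["ua"].lower():
            status = int(m["status"])
            hits[m["ip"]].append({
                "line": lineno, "time": m["time"], "request": m["request"],
                "status": status,
                "served": 200 <= status < 300,  # 2xx: request was answered, triage first
            })
    return dict(hits), unparsed

if __name__ == "__main__":
    hits, unparsed = find_backdoor_requests(SAMPLE_LOG)
    for ip, reqs in hits.items():
        for r in reqs:
            flag = "SERVED" if r["served"] else "rejected"
            print(f'{ip} line {r["line"]} [{r["time"]}] {r["request"]} -> {r["status"]} {flag}')
    print("unparsed lines:", unparsed)
```

Any hit from an address outside the management network is worth following up, and hits marked as served come first.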