ABDELLI Nassereddine, an Algerian Computer Science Student has reported a highly critical unauthorized access and password disclosure vulnerability in the routers provided by Algerie Telecom. Algerie Telecom provides TP-LINK TD-W8951ND routers to most of their customers which contain this vulnerability.
Nassereddine found that this router allows access to an administrator interface page without any authorization credentials. This page contains an interface to backup the router’s data which of course includes the administrator name and password. Looking at that file will allow you to login to the router as administrator and do whatever you like to the router.
It’s estimated that there are over 200,000 routers with this vulnerability in Algeria. There is currently no patch for this problem.