D-Link’s DIR-615 Wireless N Router (http://www.dlink.com/products/?pid=565) contains a flaw that allows attackers to access administrative functions without authorization. By simply requesting a certain URL, this vulnerability can be used to perform numerous attacks including changing the admin password, disabling wireless security, and changing DNS settings.
The hole is confirmed in firmware version 3.10NA.
Example (changes admin password to ‘pwdpwd’):
Change password on 192.168.0.1