Reverse engineering of the latest firmware update from D-Link showed that it allows root access to the configuration interface of (some of) their routers without authentication if you access them with the correct user-agent set in your browser. Handy, no?
The full analysis can be found here: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
The following D-Link devices are likely affected:
EDIT: And for some extra fun and giggles, try reading the user-agent backwards.
Edited by myrti, 13 October 2013 - 10:35 AM.