The documented D-Link DWR-932 vulnerabilities affect the latest available firmware. Kim first responsibly disclosed them to the D-Link Security Incident Response Team in June, but after the company said early this month that they don’t have a schedule for a firmware release, he decided to go public with the details about some of the flaws.
In short, the firmware sports:
Two backdoor accounts with easy-to-guess passwords that can be used to bypass the HTTP authentication used to manage the router
A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
Multiple vulnerabilities in the HTTP daemon
Hardcoded remote Firmware Over The Air credentials
Lowered security in Universal Plug and Play, and more.
This was reported in June but still not fixed