The multiple vulnerabilities found in the D-Link DIR-100 Ethernet Broadband Router Revision D (and potentially other devices sharing the affected firmware) could allow a remote attacker to retrieve the Administrator password without authentication. The administrator password is not protected in any way on the device, every attacker with access to the administrator interface which listens on port 80. This can lead to the retrieval of sensitive configuration parameters.
Read the security advisory here – http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt