Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router’s administrative web interface. Planex and Alpha Networks devices may also be affected, please contact these vendors directly at their regional websites.
Remote Management is default disabled on all D-Link Routers and is included for customer care troubleshooting if useful and the customer enables it.
Read the full advisory here – http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10001