It would be a vulnerability if you can do it without logging into the admin interface, or if all the routers ship with the same default password of "changeme".
That'd be rather stupid though.
I wonder whether they did both?
The Register 
Biting the hand that feeds IT
About Us
Our Websites
Copyright. All rights reserved © 1998–2024
