The discovery of a loophole in the d-link devices allow password change

 
Has identified security researcher Michael Messner several weaknesses in routers Link DIR-600 and DIR-300 that allows hackers to execute commands to change the password.
There is no request for the current password. Therefore, a hacker can change the password without knowing the current password, by sending malicious script that is sent to the victim to a request to change the password.
Select researcher that there is no password hash implementation and saves the password in plain text in the file .var / password
According to a report on the Internet hacker can exploit the gap.
Gap has been sent to the company, but replied that the relevant browser, and they will not give anything to fix the gap.