Administration web interface TCP/1900 is available from WAN without authentication.
vulners.com/securityvulns/securityvulns:doc:6196