Vulnerabilities found in networking gear from D-Link and Comba Telecom allow retrieving sensitive information like ISP credentials and device access passwords without authentication. For some of the products, the information is present in the source code of the web-based management interface. The vulnerable products are the AC2400 WiFi access controller, the AP2600-I-A02 and the AP2500 indoor access points. The manufacturer released fixes for both DSL-2875AL and DSL-2777AL.
Source: https://www.bleepingcomputer.com/news/security/bugs-in-d-link-and-comba-networking-gear-disclose-passwords/