D-Link DWR-932B LTE router and access point has been found vulnerable to a number of backdoors as well as a default WPS (Wi-Fi Protected Setup) PIN. Backdoor accounts can be used to bypass authentication using the root account of the router. The security level of the UPNP program (miniupnp) in the router is lowered, thus allowing a LAN based attacker the ability to add Port forwarding from the Internet to other local clients. This would allow attackers to forward traffic from the outside onto the local network, including services such as mail, file transfer and database.”]
Source: https://securityaffairs.co/wordpress/51820/hacking/d-link-dwr-932.html