D-Link DIR-655 C devices prior to 3.02B05 BETA03 allow remote malicious users to force a blank password via the apply_sec.cgi setup_wizard parameter.
dlink dir-655_firmware 3.02b05