After administrative login it's possible to access administration interface from any IP without password validation.
vulners.com/securityvulns/securityvulns:doc:15816