"Only turning off remote administration would protect the device."
For a SOHO bit of kit, I (being an admin/consultant) would not even connect the router to anything except the machine I'm using for initial setup, let alone the internet, without turning off remote admin--truly small offices (and home users) quite simply don't need that
bug feature. And in my personal opinion, using most D-Link offerings in a larger setting would be akin to suicide anyway.
So... it may be a backdoor, but for anybody who knows the very first bit about security, it would be turned off anyway. Sort of like people using "passw0rd" as a password tend to have their systems hacked into more often than those who use actual passwords. Hence, very limited news value in this article from my point of view. There's a bug in a router. Not going to be the last one. It can be switched off, but most users won't. Their problem. If you don't know how to handle your own kit, hire a pro. My hourly rates are reasonable...