WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.