I'm not a programmer in the least, but that doesn't seem to be able to happen by accident. could it? this isn't a bug, this is intentional?
It looks too me like a debugging/development shortcut that was left in, most likely by accident. It is a nice feature for debugging, because instead of having to log in to the router to force it to do something, you can just ping it with an HTTP request, which is very easy to repeat... just hit F5
Additionally, it's only exploitable if you have the admin page set to be accessible from the WAN port. There is rarely ever a good reason to do this if you're actually using the device as a router directly connected to your internet connection. For almost every use case here, the TP-Link would be on the local LAN behind another router/firewall, so even if WAN admin was enabled, there would be no way for anyone to remotely exploit this bug unless they could get on to your local network (and you would have other, bigger problems then.)
