Permission access control
Command injection vulnerability requires authentication，but unfortunately，The usernames that can be logged in are admin and user。 Most people set a password for user admin，but the user 'user' is blank password.
This vulnerability can be used with vulnerability 1，Implement remote command execution
We found that there are 5,000 such devices on the public network through zoomeye。
I use the ceye platform and the ping command to verify this problem.