phpcgi is responsible for processing requests to .php, .asp and .txt pages. Also, it checks whether a user is authorized or not. Nevertheless, if a request is crafted in a proper way, an attacker can easily bypass authorization and execute a script that returns a login and password to a router.
Due to error in hnap protocol implementation we can overflow stack and execute any sh commands under root priviliges.
If you have access to an ethernet port you can upload custom firmware to a device because system recovery service is started and available for a few seconds after restart.