There is a vulnerability in the add_user function within the system module, as it does not effectively filter the username. This allows for the creation of a root account and subsequently enables privilege escalation.
A1300 /AX1800 /AXT1800 /MT3000 /MT2500 /MT6000 /MT1300 /MT300N-V2 /AR750S /AR750 /AR300M /B1300
4.3.7/4.4.6/4.5.0 Affected, fixed in 4.5.0
Attackers calls the add_user interface within the system module to obtain root privileges.
Attackers can use the vulnerability to escalate their privileges and gain root access, thus executing operations that may compromise the security of the system.