A path traversal vulnerability in the application may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
The affected product uses hard-coded passwords, which may allow an attacker to gain access through accounts using default passwords.
The affected product is vulnerable to password leakage, which may allow an attacker to obtain credentials through unprotected transport.
The affected product is vulnerable to improper neutralization of special elements, which may allow an attacker to remotely execute unauthorized commands. This could allow an attacker to disable software or read and modify otherwise inaccessible data.
The affected product has a misconfigured service that allows remote connections to internal communication channels, which may allow an attacker to interact and use MQTT remotely.
Refer to US-CERT Advisory for patch, upgrade, or suggested workaround information.