The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
Credits
Tomer Goldschmidt of Claroty Research - Team82 reported this vulnerability to CISA.
