An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
Credits
Daniel Hulliger from The Cyber-Defence Campus of armasuisse S+T
