DSA / DGLux5 Vulnerability
The WebSocket connection for IoT data does not, in any way, secure access to internal methods to execute arbitrary commands on the host machine.
Although the function to execute an arbitrary command is marked insecure, it is still enabled by default.
Approximately 100 servers are currently exploitable to this flaw. No authentication is done by default. Custom exploits have been written.