Problem: Allows arbitrary command execution from a local connection. This allows someone to to execute any chosen command on the device, with root privileges, without authentication.

Cause: It seems that there are still some firmware bugs left over from version 1. For more details see this article.

Solution: There appears to be no solution at this time.