Problem: The device allows arbitrary command execution from a local connection. Someone with a local connection can execute any chosen command on the device, with root privileges, without authentication.
Cause: It seems that there are still some firmware bugs left over from version 1. For more details see this article.
Solution: There appears to be no solution at this time.