An attacker can easily exploit this vulnerability by injecting OS commands into the web application if it does not properly sanitize its HTTP parameters. In Zeroshell 3.9.0, a Linux router, this vulnerability allows the attacker to execute code remotely.