Baran Teyin

**Name of the Vulnerable Software and Affected Versions** BroadlinkManager version 5.9.1 **Description** The issue is related to an OS command injection vulnerability. This vulnerability can be exploited via the `IP Address` parameter at the "/device/ping" API endpoint. **Recommendations** For BroadlinkManager version 5.9.1, avoid using the `IP Address` parameter in the "/device/ping" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/device/ping" endpoint to minimize the risk of exploitation.