R00Treaver

**Name of the Vulnerable Software and Affected Versions** Edgecore ECS2020 Firmware version 1.0.0.0 **Description** The issue allows for Unauthenticated Command Injection via the `command1` HTTP header to the "/EXCU SHELL" URI. **Recommendations** For Edgecore ECS2020 Firmware version 1.0.0.0, as a temporary workaround, consider restricting access to the "/EXCU SHELL" URI until a patch is available. Avoid using the `command1` HTTP header in requests to the affected URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.