From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Unauthorized file download and upload interface access. 2. Description: - This vulnerability allows unauthorized users to download any file on the system via the GL management panel, including files owned by root. - By downloading the shadow file and using the encrypted root password to log in to the management panel, an attacker can execute code remotely and gain root privileges. 3. Affected Products: - MT6000 / MT3000 / MT2500 / AXT1800 / AX1800 / B3000 / A1300 / X300B / X3000 / XE3000 / X750 / SFT1200 / MT1300 / E750 / XE300 / AR750 / AR750S / AR300M / AR300M16 / B1300 / MT300N-V2 4. Affected Firmware Versions: - MT6000 / MT3000 / MT2500 / AXT1800 / AX1800: 4.6.2, fixed in 4.6.4 - B3000: 4.5.18, fixed in 4.5.19 - A1300 / X300B: 4.5.17, fixed in 4.5.18 - X3000 / XE3000: 4.4.9, fixed in 4.4.10 - X750 / SFT1200 / MT1300: 4.3.18, fixed in 4.3.19 - E750 / XE300 / AR750 / AR750S / AR300M / AR300M16 / B1300 / MT300N-V2: 4.3.17, fixed in 4.3.18 5. Exploitation Method: 1. Set an FTP user account password and retrieve the FTP hash from the shadow file. 2. Use and the FTP hash to log in to the GL management panel. 3. Verify that the new SID on the target system has no permissions, indicating that the value is not set or is empty. 4. Access to URI is denied when using a non-privileged SID. 5. Successfully call using the same non-privileged SID. 6. Impact: - Attackers can exploit this vulnerability to backdoor the system or download sensitive files using a hidden root account. - Attackers can achieve remote code execution (RCE) and gain full control over the target device.