(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/
https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic