A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges.
https://github.com/goldds96/Report/blob/main/Linksys/E1500/CI.md