In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.
https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_pingTest_count/CI_pingTest_count.md