IPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers.
72f8b0873dc11b2d3d2949fc7e34c4a2aa14b2eba24cd506e1e1251f6aec3dd2