CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
8227decab2e3303eb2fd3fd07c388f1eab6298ce3df14f3c461ac9bd2a02e376