The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.