A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions.
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.