A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.