Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.