Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command deviceinfo show file is supposed to be used from restricted shell to show files and directories. By providing /bin/sh (quotes included) to the argument of this command will drop a root shell.
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.