Vendor
9router versions 0.4.30 to 0.4.33 are vulnerable to unauthenticated remote code execution, allowing network-adjacent attackers to execute arbitrary OS commands by registering and triggering malicious plugins through unprotected API endpoints.