Public CVE-2020-10244 disclosure

BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.