The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the user-name
URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.