BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution

BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution
BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution.