The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled.
f39b0d4187cc158f2f89d6baa904081ee7d836d144b591161f265d845ad45d81