The Zyxel NBG6604 is a dual-band wireless router from Chinaβs Hopkins (Zyxel). The Zyxel NBG6604 V1.01(ABIR.1)C0 suffers from a command injection vulnerability that stems from a failure to properly filter constructed command special characters, commands, etc. in the NTP function. An attacker can exploit this vulnerability to remotely execute certain operating system commands by sending a crafted HTTP request.