Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the β/xml/system/control.xmlβ URL, using the GET request β?action=rebootβ for example.