Versions of local-devices
prior to 3.0.0 are vulnerable to Command Injection. The package does not validate input on ip addresses and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.
Upgrade to version 3.0.0 or later.