It's possible to reboot device via http://<IP ADDRESS>/sw2/cgi/device_reset? URL without authorization.
vulners.com/securityvulns/securityvulns:doc:3530