kylin is vulnerable to command injection. The vulnerability exists when overwriting system parameters in the configuration overwrites menu which allows an attacker to send a specially crafted request using the value parameter and inject any operating system command into the system.