This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GoPro HERO 3+. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to βrestartβ. Successful exploitation will allow an attacker to execute arbitrary commands on the target device.