The dbclient in Dropbear SSH prior to 2016.74 allows remote malicious users to execute arbitrary code via a crafted (1) -m or (2) -c argument.
dropbear ssh project dropbear ssh