Aterm W300P Ver1.0.13 and previous versions allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
nec aterm_w300p_firmware