Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.
winstonprivacy winston_firmware 1.5.4