Nanoleaf Desktop App before v1.3.1 exists to contain a command injection vulnerability which is exploited via a crafted HTTP request.
nanoleaf nanoleaf desktop