An issue in Wifire Hotspot v.4.5.3 allows a local malicious user to execute arbitrary code via a crafted payload to the dst parameter.