RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to cause a persistent denial of service (bricking) via a crafted request.