netis-systems MEX605 v2.00.06 allows malicious users to execute arbitrary OS commands via a crafted payload to the ping test page.