An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function.