For the record, a popular ISP in my country designed its own router, which uses shell commands to compute the password hash, without even attempting to sanitize input[1].
If you have access to the login page (and until recently, it was also available via WAN) you could do all fancy tricks by putting the right commands in the password field, including bricking the equipment itself.
If you have access to the login page (and until recently, it was also available via WAN) you could do all fancy tricks by putting the right commands in the password field, including bricking the equipment itself.
[1] https://github.com/Nimayer/fastgate-toolkit/wiki/Get-a-root-...
People tried to contact the ISP and got no response back, of course.