All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686