DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.
https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html