A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts.
https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml