An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.
https://blog.prodefense.io/zbt-we1626-wireless-router-cve-disclosures-b3534484d97d