Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution.
https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-002
https://www.axiros.com/2024/03/vulnerability-in-axusermanager