What happened
9Router, a self-hosted router/gateway management tool, shipped an installation endpoint that bypassed its own authorization middleware and injected user-controlled input directly into a shell command (CVSS 9.8).
Why it matters
While 9Router itself is a niche network-management tool rather than core AI infrastructure, it is included here for completeness per the seed; blast radius is narrow and limited to self-hosted 9Router deployments — kept as a low-priority catalogued entry rather than a primary AI-ecosystem finding.
Attack vector
The unauthenticated POST /api/tunnel/tailscale-install endpoint is not covered by the dashboard's authorization middleware matcher; the sudoPassword field from the request body is written unsanitized to a shell command, allowing arbitrary OS command injection with no authentication.
Affected systems
9Router, versions before 0.4.44
Mitigation
Upgrade to 9Router >= 0.4.44.