Administration interface has no access restriction, allowsing any local user to execute commands with SYSTEM privileges.
vulners.com/securityvulns/securityvulns:doc:8018