EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.