SID leak / auth bypass, remote root code execution, arbitrary file download.

The Gemtek cpe7000 - WLTCS-106 is used by many telco operators and ISP around the world to provide services such as HD video on demand, media mobility, 3D online gaming and, in general, high data rates services. Mentat researchers have found several vulnerabilities on the device with different impacts, the most serious being an unauthenticated remote root command execution.
Details are available on exploit-db ( EDB-ID: 39716 ) and a full description in the following document: