All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system.
Source: NIST
CVE-2019-3409 (wf820+_lte_outdoor_cpe_firmware)