Command-injection vulnerabilities exist in diag_smart.php and diag_routes.php.
These allow authenticated WebGUI users with privileges for diag_smart.php or
diag_routes.php to execute commands in the context of the root user.
A user on pfSense version 2.3.1 or earlier, granted limited access to the
pfSense web configurator GUI including access to diag_smart.php and
diag_routes.php via their associated privileges: "WebCfg - Diagnostics:
S.M.A.R.T. Status" and "WebCfg - Diagnostics: Routing Tables" respectively,
could leverage these vulnerabilities to gain increased privileges, read other
files, execute commands, or perform other alterations.
This is not relevant for admin-level users as there are other deliberate means
by which an administrator could run commands.