~~Right in the Security Advisory~~
allow an unauthenticated, local attacker to access an affected system using static credentials.
Edit: NVM, later it says
The second is using SSH, which is enabled by default on the management interface of the device.
You are right:
Holy fuck.