The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.