Exposed header pins allow serial connection to sync module which enables root access to the device with easily bypassed default credentials. A username of “root” and password of “willoXXX” where XXX is the last 3 digits of the serial number (readily available on outside of device) grants root access to the device.

https://www.tenable.com/security/research/tra-2019-51