A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
A Command Injection
Exploit
CVE-2013-2568
NVD
Refer to CVE-2013-2568 NVD advisory