BridgeHead FileStore versions prior to 24A expose the Apache Axis2 administration module with default credentials on network-accessible endpoints. Unauthenticated remote attackers can exploit this vulnerability to execute arbitrary OS commands. The attack involves authenticating to the admin console using default credentials, uploading a malicious Java archive as a web service, and executing commands via SOAP requests to the deployed service. This vulnerability affects versions released before early 2024 and represents a critical security flaw allowing complete system compromise.