/cve/cve-2022-44392


During my free research time, I managed to find an XSS & CSRF vulnerability in IPFire's firewall which could potentially lead to arbitrary remote code execution with root privileges, thanks to a known vulnerability in the backup process.
Here you can see the PoC: when an authenticated admin clicks on the malicious link, the attacker can gain control over the router.