A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.