Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.