A couple exploits for CVE-2018-11510 by Kyle Lovett (@SquirrelBuddha) and myself (Matthew Fulton/@haqur). Leverages an unauthneticated command injection to get a root shell back.
The metasploit module has a separate payload included in the repo. Will see if I can get them included via a pull request with MSF some point in the near future.
Looks like the bug may be patched now, though I'm sure there are other bugs waiting to be found :D