The nmap scan shows HTTP and HTTPS services.
This is the HTTPS web page, which is a pfSense firewall (HTTP redirects to HTTPS automatically).
This is the result from gobuster.
Looking at changelog.txt, it seems there is still a vulnerability that hasn't been patched.
From system-users.txt, we got the idea that the credential is
We log in successfully.
I tried the module unix/http/pfsense_graph_injection_exec in msf and got root permission.