[helper]

The vulnerability is that you can play tricks on interactive users' output. In general people (besides nerds) aren't shelling into these devices so it really doesn't seem like that big of a deal.

[zaarn]

I quite often shell into such devices. I think just playing tricks is a start and can easily escalate into something more serious.

Alpine also uses Busybox by default (IIRC) and people will use that definitely so it's definitely a problem.

Busybox is not only used in embedded devices.