Description
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains, that "some other customer has reported this to us before. And we have fixed this."
Published: 2026-03-22
Score: 5.1 Medium
EPSS: 10.3% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists in the action_ipsec_conn function of a Lua controller on Cudy TR1200 routers. An attacker can craft a request that causes the router to execute arbitrary shell commands with the privileges of the internal process handling IPsec. This type of injection allows the attacker to run any code on the device. The vulnerability can be triggered remotely through normal management traffic and has a publicly available exploit. With a CVSS score of 5.1 the flaw is rated moderate, but the ability to launch a remote command injection on a network-connected device elevates the practical risk. The EPSS probability of 10% indicates that exploitation remains uncommon at this time, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the publicly disclosed exploit demonstrates real-world attack potential, and exposure to external networks increases the likelihood that an attacker could abuse the flaw. Attacker exploitation involves sending a crafted IPsec configuration request that includes malicious command fragments, causing the device to execute those fragments as OS-level shell commands.

Affected Systems

Only Cudy TR1200 routers running firmware R46-2.4.15-20250721-164017 are affected; no other firmware versions or products are reported to be impacted.

Risk and Exploitability

The vulnerability's CVSS score of 5.1 indicates moderate severity, yet the ability to perform remote command execution on a network-connected device strongly elevates the practical risk. The EPSS probability of 10% suggests that exploitation remains uncommon at this time, and the vulnerability is not listed in CISA’s KEV catalog. Still, the publicly disclosed exploit demonstrates real-world attack potential. Attackers can exploit the flaw via normal management traffic to run arbitrary shell commands, and the risk is higher for devices exposed to untrusted networks.

Generated by OpenCVE AI on June 24, 2026 at 12:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest version released by Cudy that resolves the IPsec controller injection issue.
  • Implement preventive input validation (CWE-74) by sanitizing all user-supplied parameters before they are passed to the shell.
  • Apply command neutralization (CWE-77) by whitelisting allowed commands or using safe APIs to avoid shell execution.
  • Block remote access to the IPsec controller or disable remote management until a patch is available.
  • Continuously monitor router logs for anomalous command executions and investigate any suspicious activity.

Generated by OpenCVE AI on June 24, 2026 at 12:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 07:30:00 +0000


Wed, 29 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains, that "some other customer has reported this to us before. And we have fixed this."
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}


Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Cudy
Cudy tr1200
Vendors & Products Cudy
Cudy tr1200

Sun, 22 Mar 2026 04:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title Cudy TR1200 ipsec.lua action_ipsec_conn command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-29T05:52:54.859Z

Reserved: 2026-03-21T08:08:42.500Z

Link: CVE-2026-4537

cve-icon Vulnrichment

Updated: 2026-03-23T16:21:40.911Z

cve-icon NVD

Status : Deferred

Published: 2026-03-22T05:16:20.063

Modified: 2026-06-17T10:56:46.413

Link: CVE-2026-4537

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T12:45:04Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')