Impact
The flaw exists in the action_ipsec_conn function of a Lua controller on Cudy TR1200 routers. An attacker can craft a request that causes the router to execute arbitrary shell commands with the privileges of the internal process handling IPsec. This type of injection allows the attacker to run any code on the device. The vulnerability can be triggered remotely through normal management traffic and has a publicly available exploit. With a CVSS score of 5.1 the flaw is rated moderate, but the ability to launch a remote command injection on a network-connected device elevates the practical risk. The EPSS probability of 10% indicates that exploitation remains uncommon at this time, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the publicly disclosed exploit demonstrates real-world attack potential, and exposure to external networks increases the likelihood that an attacker could abuse the flaw. Attacker exploitation involves sending a crafted IPsec configuration request that includes malicious command fragments, causing the device to execute those fragments as OS-level shell commands.
Affected Systems
Only Cudy TR1200 routers running firmware R46-2.4.15-20250721-164017 are affected; no other firmware versions or products are reported to be impacted.
Risk and Exploitability
The vulnerability's CVSS score of 5.1 indicates moderate severity, yet the ability to perform remote command execution on a network-connected device strongly elevates the practical risk. The EPSS probability of 10% suggests that exploitation remains uncommon at this time, and the vulnerability is not listed in CISA’s KEV catalog. Still, the publicly disclosed exploit demonstrates real-world attack potential. Attackers can exploit the flaw via normal management traffic to run arbitrary shell commands, and the risk is higher for devices exposed to untrusted networks.
OpenCVE Enrichment