Description
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains that "some other customer has reported this to us before. And we have fixed this."
Published: 2026-03-22
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution via IPsec controller injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability lies within the action_ipsec_conn function in /usr/bin/lib/lua/luci/controller/ipsec.lua on Cudy TR1200 routers. An attacker can manipulate the input to execute arbitrary shell commands remotely. The injected commands run with the privileges of the router's internal scripting engine, potentially allowing full device takeover. This issue is classified as CWE-74 and CWE-77.

Affected Systems

Cudy TR1200 routers running firmware R46-2.4.15-20250721-164017 are affected. No other firmware versions or additional products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.1 reflects moderate severity, and the exploit is publicly disclosed on GitHub and VulDB, indicating real-world attack potential. The EPSS score is <1% and the flaw is not present in the CISA KEV catalog, but the remote attack vector and the ability to execute privileged commands elevate the risk for any router exposed to the internet. Immediate attention to mitigating this vulnerability is recommended to prevent compromise.

Generated by OpenCVE AI on April 29, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Cudy that patches the IPsec controller vulnerability.
  • If a patched firmware is not yet released, disable remote management or block access to the IPsec controller from untrusted networks.
  • Monitor router logs for abnormal command executions and investigate any suspicious activity.
  • Consider replacing the device with a newer, supported router if the vendor does not provide a timely fix.



Advisories

No advisories yet.

History

Wed, 29 Apr 2026 07:30:00 +0000


Wed, 29 Apr 2026 06:45:00 +0000

Description
  Values Removed: A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
  Values Added: A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains, that "some other customer has reported this to us before. And we have fixed this."

References

Metrics
  Values Removed:
    cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  Values Added:
    cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
    cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
    cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}


Mon, 23 Mar 2026 17:15:00 +0000

Metrics
  Values Added:
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

First Time appeared
  Values Added: Cudy; Cudy tr1200

Vendors & Products
  Values Added: Cudy; Cudy tr1200

Sun, 22 Mar 2026 04:30:00 +0000

Description
  Values Added: A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Title
  Values Added: Cudy TR1200 ipsec.lua action_ipsec_conn command injection

Weaknesses
  Values Added: CWE-74; CWE-77

References

Metrics
  Values Added:
    cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-29T05:52:54.859Z

Reserved: 2026-03-21T08:08:42.500Z

Link: CVE-2026-4537

Vulnrichment

Updated: 2026-03-23T16:21:40.911Z

NVD

Status: Deferred

Published: 2026-03-22T05:16:20.063

Modified: 2026-04-29T07:16:03.380

Link: CVE-2026-4537

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T08:00:06Z

Weaknesses