CVE-2026-4537
MEDIUMCudy TR1200 ipsec.lua action_ipsec_conn command injection
Title source: cnaDescription
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains, that "some other customer has reported this to us before. And we have fixed this."
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-352325 | Cudy TR1200 ipsec.lua action_ipsec_conn command injection
https://vuldb.com/?id.352325
Signature, Permissions Required signature
permissions-required
VDB-352325 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.352325
Third Party Advisory third-party-advisory
Submit #774447 | cudy AC1200 Wi-Fi Mini VPN Router TR1200 1.0 TR1200-R46-2.4.15-20250721-164017-flash.zip Command Injection
https://vuldb.com/?submit.774447
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-352325 | Cudy TR1200 ipsec.lua action_ipsec_conn command injection
https://vuldb.com/vuln/352325
Signature, Permissions Required signature
permissions-required
VDB-352325 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/352325/cti
Third Party Advisory third-party-advisory
Submit #774447 | cudy AC1200 Wi-Fi Mini VPN Router TR1200 1.0 TR1200-R46-2.4.15-20250721-164017-flash.zip Command Injection
https://vuldb.com/submit/774447
Scores
CVSS v3
4.7
EPSS
0.0158
EPSS Percentile
72.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
CWE-77
Status
published
Products (1)
Cudy/TR1200
R46-2.4.15-20250721-164017
Published
Mar 22, 2026
Tracked Since
Mar 22, 2026