CVE-2026-4537: Command Injection in Cudy TR1200
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains, that "some other customer has reported this to us before. And we have fixed this."
AI Analysis
Technical Summary
The Cudy TR1200 router firmware version R46-2.4.15-20250721-164017 contains a command injection vulnerability in the action_ipsec_conn function within the ipsec.lua controller script. This flaw allows remote attackers to manipulate input parameters to execute arbitrary commands on the device. The vulnerability was publicly disclosed and the vendor confirmed that it has been fixed following customer reports. No official patch link is provided in the data, but upgrading to a fixed version is advised.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker with remote access to execute arbitrary commands on the affected device, potentially leading to unauthorized control or disruption of the router's operation. The CVSS score of 5.1 reflects a medium impact, with network attack vector and no user interaction required. However, the attack requires high privileges, which may limit exploitation scenarios.
Mitigation Recommendations
The vendor has stated that the vulnerability has been fixed following customer reports. Users should upgrade their Cudy TR1200 firmware to a version later than R46-2.4.15-20250721-164017 where the issue is resolved. Since no official patch link is provided, users should consult the vendor's support channels or website for the latest firmware updates. Until upgraded, restricting remote access to the device may reduce exposure.
CVE-2026-4537: Command Injection in Cudy TR1200
Description
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains, that "some other customer has reported this to us before. And we have fixed this."
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Cudy TR1200 router firmware version R46-2.4.15-20250721-164017 contains a command injection vulnerability in the action_ipsec_conn function within the ipsec.lua controller script. This flaw allows remote attackers to manipulate input parameters to execute arbitrary commands on the device. The vulnerability was publicly disclosed and the vendor confirmed that it has been fixed following customer reports. No official patch link is provided in the data, but upgrading to a fixed version is advised.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker with remote access to execute arbitrary commands on the affected device, potentially leading to unauthorized control or disruption of the router's operation. The CVSS score of 5.1 reflects a medium impact, with network attack vector and no user interaction required. However, the attack requires high privileges, which may limit exploitation scenarios.
Mitigation Recommendations
The vendor has stated that the vulnerability has been fixed following customer reports. Users should upgrade their Cudy TR1200 firmware to a version later than R46-2.4.15-20250721-164017 where the issue is resolved. Since no official patch link is provided, users should consult the vendor's support channels or website for the latest firmware updates. Until upgraded, restricting remote access to the device may reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-21T08:08:42.500Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69bf707bf4197a8e3b474c59
Added to database: 3/22/2026, 4:30:51 AM
Last enriched: 4/30/2026, 2:43:58 AM
Last updated: 5/7/2026, 4:58:22 AM
Views: 106
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.