CVE-2026-4537 | Cudy TR1200 R46-2.4.15-20250721-164017 ipsec.lua action_ipsec_conn command injection (EUVD-2026-14277)
A vulnerability classified as critical was found in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection.
The identification of this vulnerability is CVE-2026-4537. The attack may be launched remotely. Furthermore, there is an exploit available.
Upgrading the affected component is advised.
The vendor explains, that "some other customer has reported this to us before. And we have fixed this."