Cudy TR1200 Command Injection Vulnerability in IPsec Controller
Vulnerability
A command injection vulnerability has been identified in the Cudy TR1200 AC1200 Wi-Fi Mini VPN Router, firmware version TR1200-R46-2.4.15-20250721-164017. The flaw is in the 'action_ipsec_conn' function of the IPsec controller file 'ipsec.lua'. An authenticated attacker can inject a payload that is passed to the system shell and so execute arbitrary commands on the device. The vulnerability can be exploited remotely, and details of the exploit have been publicly disclosed.
Impact
An authenticated attacker who exploits this vulnerability can execute arbitrary commands with root privileges on the affected device.
Reproduction
To reproduce this vulnerability, an authenticated user must send a GET request to the '/cgi-bin/luci/admin/network/vpn/ipsecs2s/conn/' endpoint, including a payload that takes advantage of the command injection flaw. The injected command will be executed on the router's operating system.
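One way to look for the request described above in access logs, as an added example that is not part of the original advisory: it flags GET requests to the endpoint whose decoded path suffix or query fields contain shell metacharacters. The advisory does not name the injected field, so every field is checked; the combined log format, the `;stok=` token segment, the sample lines and all function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "/cgi-bin/luci/admin/network/vpn/ipsecs2s/conn/"  # from the advisory
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
STOK = re.compile(r"/;stok=[0-9A-Za-z]+")      # assumed LuCI session-token segment
SHELL_META = re.compile(r"[;&|`$<>(){}\n\r]")  # characters the shell acts on

# Constructed sample lines (documentation address, made-up token and names).
P = "/cgi-bin/luci/;stok=0123abcd"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Sep/2025:10:00:01 +0000] "GET {P}/admin/network/vpn/ipsecs2s/conn/site-a?action=up&id=1 HTTP/1.1" 200 512',
    f'192.0.2.10 - - [01/Sep/2025:10:00:07 +0000] "GET {P}/admin/network/vpn/ipsecs2s/conn/site-a%3Becho%20marker HTTP/1.1" 200 512',
    f'192.0.2.10 - - [01/Sep/2025:10:00:09 +0000] "GET {P}/admin/network/vpn/ipsecs2s/conn/site-b?name=tunnel%2524%2528x%2529 HTTP/1.1" 200 512',
    f'192.0.2.10 - - [01/Sep/2025:10:00:12 +0000] "GET {P}/admin/status/overview?x=a%3Bb HTTP/1.1" 200 512',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fields(target):
    """Decoded path/query fields on the IPsec endpoint that hold shell metacharacters."""
    parts = urlsplit(target)
    path = STOK.sub("", unquote(parts.path), count=1)  # drop the token's own ';'
    if not path.startswith(ENDPOINT):
        return []
    fields = [path[len(ENDPOINT):]]
    # Split on the raw '&' and '=' first so legitimate separators are not flagged.
    for pair in parts.query.split("&"):
        fields.extend(pair.split("=", 1))
    return [d for d in map(fully_decode, fields) if SHELL_META.search(d)]

def scan(lines):
    """Return (line number, offending fields) for each suspicious GET request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and m["method"] == "GET":
            bad = suspicious_fields(m["target"])
            if bad:
                hits.append((n, bad))
    return hits
```

Because exploitation requires an authenticated session, a hit is also a reason to review which account and source address held that session.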
