
Cudy TR1200: CVE-2026-4537

EUVD-2026-14277 · LOW
Command Injection (CWE-77)
Published 2026-03-22 · VulDB · GHSA-cgfg-qq46-f464
Base score 2.0 · CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
None
Vulnerable System Impact (C / I / A)
Low / Low / Low
Subsequent System Impact (C / I / A)
None / None / None
Exploit Maturity
Proof-of-Concept
Safety (supplemental)
X (not defined). CVSS 4.0 has no Scope metric; the S field in a 4.0 vector is the Safety supplemental metric.

Lifecycle Timeline

Apr 29, 2026 - 01:11 · NVD · Severity changed: MEDIUM → LOW
Apr 29, 2026 - 01:11 · NVD · CVSS changed: 5.1 (MEDIUM) → 2.0 (LOW)
Apr 24, 2026 - 16:37 · NVD · CVSS changed: 4.7 (MEDIUM) → 5.1 (MEDIUM)
Mar 23, 2026 - 14:31 · vuln.today · PoC detected: public exploit code
Mar 22, 2026 - 04:30 · euvd · EUVD ID assigned: EUVD-2026-14277
Mar 22, 2026 - 04:30 · vuln.today · Analysis generated
Mar 22, 2026 - 04:02 · nvd · CVE published, initial score MEDIUM 4.7

Description (CVE.org)

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI-generated)

Command injection in the IPSec controller of Cudy TR1200 routers (R46-2.4.15-20250721-164017) allows remote attackers with administrative privileges to execute arbitrary commands through the action_ipsec_conn function. Public exploit code is available for this vulnerability, and the vendor has not released a patch despite early notification. …


Vulnerability Assessment (AI-generated)

Risk Assessment: NVD's current CVSS 4.0 base score is 2.0 (LOW), down from the 4.7 and 5.1 (MEDIUM) the record carried earlier, but the real-world risk is shaped by several factors: (1) the vector shows low attack complexity (AC:L), no attack requirements (AT:N) and a network-reachable attack surface (AV:N), so exploitation is straightforward once the precondition is met; (2) that precondition is high privileges (PR:H), which limits the attack surface to an authenticated administrative session, whether obtained through weak or default credentials or through a prior compromise; (3) a public proof-of-concept exploit has been disclosed, which raises the probability that the flaw is attempted; (4) EPSS data is not provided, and the 'E:P' threat metric in the vector states only that a proof of concept exists, not that exploitation in the wild has been observed; (5) no patch is available because the vendor did not respond to the disclosure (this comes from the CVE record; the CVSS 4.0 vector has no remediation-level metric), leaving affected users exposed indefinitely. Note also what pulls the score down to LOW: the Low confidentiality, integrity and availability ratings (VC:L/VI:L/VA:L) and the absence of subsequent-system impact (SC:N/SI:N/SA:N). If, as is usual for LuCI-based firmware, the web process runs as root, a command injection in it hands the attacker the whole device, so treat the numeric score as a lower bound when prioritising. …
Exploit Scenario An authenticated attacker with administrative access to the Cudy TR1200 router (either through weak default credentials or prior compromise) navigates to the IPSec configuration page and submits a malicious payload in the IPSec connection parameters. The action_ipsec_conn function concatenates this unsanitized input into a system command (likely via os.execute() or similar Lua constructs), resulting in command injection. …
Remediation: No vendor patch is available, because the vendor did not respond to the disclosure. …
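The injection shape the exploit scenario above describes, beside one hardened form, as an added illustration written for this page; it is not code from the Cudy firmware or from LuCI. The page gives only the function name (action_ipsec_conn) and the file, not the parameter name or the command that is run, so `build_cmd_vulnerable`, `build_cmd_hardened`, the `ipsec up` command and the `conn` parameter are assumptions, and the hostile input is a constructed generic shell-metacharacter payload, not the published PoC. Both builders only return the command string and never execute it, so the file runs under any Lua 5.1 or later interpreter:

```lua
-- Added illustration, not Cudy or LuCI code. Names below are assumptions:
-- the page gives only the function (action_ipsec_conn) and file, not the
-- parameter or the command that is run.

-- Vulnerable shape: the untrusted connection name is spliced into a shell
-- command string, so any shell metacharacter in `conn` becomes part of the
-- command the shell will run (e.g. when handed to os.execute or io.popen).
local function build_cmd_vulnerable(conn)
  return "ipsec up " .. conn
end

-- Hardened step 1: allow-list. An IPsec connection name only needs letters,
-- digits, '_', '.', '-'; anything else (';', '|', '$', '`', space, quotes,
-- newline) is rejected before a command string is ever built.
local function valid_conn_name(conn)
  return type(conn) == "string"
     and #conn > 0 and #conn <= 64
     and conn:match("^[%w_%.%-]+$") ~= nil
end

-- Hardened step 2: single-quote the argument anyway, so a later loosening of
-- the allow-list cannot quietly reintroduce the injection. Inside single
-- quotes the shell interprets nothing; an embedded quote is closed, escaped
-- and reopened ('\''). This is the same transformation LuCI's
-- luci.util.shellquote performs (assumed; not verified against this firmware).
local function shellquote(s)
  local quoted = s:gsub("'", "'\\''")
  return "'" .. quoted .. "'"
end

local function build_cmd_hardened(conn)
  if not valid_conn_name(conn) then
    return nil, "invalid connection name"
  end
  return "ipsec up " .. shellquote(conn)
end

-- Self-check on constructed inputs. Nothing here executes a command; both
-- builders return the string that *would* be handed to the shell.
local benign  = "office-vpn"
local hostile = "office-vpn; reboot"   -- constructed generic payload, not the published PoC

assert(build_cmd_vulnerable(benign)  == "ipsec up office-vpn")
assert(build_cmd_vulnerable(hostile) == "ipsec up office-vpn; reboot")  -- second command reaches the shell
assert(build_cmd_hardened(benign)    == "ipsec up 'office-vpn'")
assert(build_cmd_hardened(hostile)   == nil)                            -- rejected, no command built
assert(build_cmd_hardened("it's")    == nil)                            -- quote rejected by the allow-list
assert(shellquote("it's")            == "'it'\\''s'")                   -- and neutralised if it ever got through
print("ok")
```

The allow-list comes first because it stops an implausible connection name from reaching a shell at all; the quoting is defence in depth for the day someone widens the pattern. Better still is to avoid a shell entirely and pass the arguments as a vector straight to the binary; whether this firmware's LuCI build provides such a call, or even ships luci.util.shellquote, is not established by the page.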

Recommended Action (AI-generated)

Within 30 days: identify TR1200 units running R46-2.4.15-20250721-164017. No vendor patch exists, so until one ships apply compensating controls that match the PR:H precondition: keep the management interface unreachable from the WAN side, replace any default administrator credentials, and limit who holds the admin role. Apply the vendor fix as part of the regular patch cycle as soon as it is released. …



CVE-2026-4537 vulnerability details – vuln.today
