B55T4Ck

**Name of the Vulnerable Software and Affected Versions** Cudy TR1200 version R46-2.4.15-20250721-164017 **Description** A command injection issue exists in the `action ipsec conn` function within the `/usr/bin/lib/lua/luci/controller/ipsec.lua` file. Exploitation of this issue may allow for remote command execution. The vulnerability has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `action ipsec conn` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK N600R version 4.3.0cu.7866 B20220506 **Description** A vulnerability exists in the function `sub 4159F8` of the file `/web cste/cgi-bin/cstecgi.cgi` that can lead to command injection. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.