Browse all 4 CVE security advisories affecting Cudy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Cudy provides network management solutions with a focus on educational institutions, offering bandwidth control and network monitoring tools. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, with four CVEs documented. Security assessments reveal common issues in authentication mechanisms and input validation. While no major public security incidents have been widely reported, the presence of multiple privilege escalation vulnerabilities suggests potential for unauthorized access. The product's web interface has been particularly susceptible to XSS flaws, posing risks to user sessions. Organizations implementing Cudy should prioritize timely patching and harden authentication controls to mitigate identified risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4537 | Cudy TR1200 ipsec.lua action_ipsec_conn command injection — TR1200CWE-77 | 4.7 | Medium | 2026-03-22 |
| CVE-2025-11134 | Cudy TR1200 Wireless Settings config cross site scripting — TR1200CWE-79 | 2.4 | Low | 2025-09-29 |
| CVE-2025-9725 | Cudy LT500E Web shadow hard-coded password — LT500ECWE-259 | 2.5 | Low | 2025-08-31 |
| CVE-2025-9589 | Cudy WR1200EA shadow default password — WR1200EACWE-1393 | 2.5 | Low | 2025-08-28 |
This page lists every published CVE security advisory associated with Cudy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.