CVE-2023-34849

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.

CVE-2022-40469

iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.

CVE-2021-28075

iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.