Rejected reason: CVE-2025-41662 is considered redundant or unnecessary and thus should be withdrawn. Instead, a new CVE CVE-2025-41687 has been reserved to better reflect the updated analysis.

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint tls_iotgen_setting).