PT-2026-22661 · Tp Link · Tp-Link Deco Be25
Caprinuxx
·
Publicado
2026-03-02
·
Atualizado
2026-03-02
·
CVE-2026-0654
CVSS v4.0
8.5
Alta
| Vetor | AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L |
Name of the Vulnerable Software and Affected Versions
TP-Link Deco BE25 versions through 1.1.1 Build 20250822
Description
A flaw exists in the administration web interface of the device that allows crafted input to be executed as part of an OS command. An authenticated attacker in a nearby network can potentially execute arbitrary commands through a specially crafted configuration file. This could compromise the confidentiality, integrity, and availability of the device.
Recommendations
Update TP-Link Deco BE25 to a version later than 1.1.1 Build 20250822.
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tp-Link Deco Be25