Kari Hulkko

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer BE400 version 1.1.0 Build 20250710 rel.14914 **Description** A flaw exists in the 802.11 modules of the TP-Link Archer BE400 that can lead to a denial-of-service (DoS) condition. An attacker in close proximity can trigger a device reboot by exploiting a NULL pointer dereference. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. This crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRÅDFRI bulb (affected versions not specified) **Description** The issue arises when an attacker sends a single malformed IEEE 802.15.4 (Zigbee) frame, causing the TRÅDFRI bulb to blink. If the same frame is replayed multiple times, the bulb performs a factory reset, resulting in the loss of configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRÅDFRI gateway (affected versions not specified) **Description** A single malformed IEEE 802.15.4 (Zigbee) frame can make the TRÅDFRI gateway unresponsive. This results in connected lighting being unable to be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The issue is caused by an unauthenticated broadcast message, affecting all vulnerable devices within radio range. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.