PT-2026-22661 · Tp Link · Tp-Link Deco Be25
Caprinuxx · Published 2026-03-02 · Updated 2026-03-02 · CVE-2026-0654
CVSS v4.0: 8.5 (High)
Vector: AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions
TP-Link Deco BE25 versions through 1.1.1 Build 20250822
Description
A flaw exists in the administration web interface of the device that allows crafted input to be executed as part of an OS command. An authenticated attacker on an adjacent network can potentially execute arbitrary commands through a specially crafted configuration file. This could compromise the confidentiality, integrity, and availability of the device.
Recommendations
Update TP-Link Deco BE25 to a version later than 1.1.1 Build 20250822.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Deco Be25