PT-2026-44065 · TP-Link · Archer BE7200 and 1 more
Chuya Hayakawa · Published 2026-05-27 · Updated 2026-05-27 · CVE-2026-5509
CVSS v4.0: 8.5 (High)
Vector: AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Archer BE450 v1
Archer BE7200 v1
Description
An authenticated command injection vulnerability allows an administrator to execute arbitrary system commands through the web management interface. By using the browser developer console, a crafted input can be supplied that is passed to backend system commands without adequate sanitization. Successful exploitation enables the execution of commands with elevated privileges, potentially allowing the attacker to start unauthorized services, modify system configuration, or fully compromise the router's operating environment.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Archer BE450
Archer BE7200