Skip to main content

Archer Be450 Firmware

1 CVEs product

Monthly

CVE-2026-5509 HIGH PATCH This Week

Authenticated command injection in TP-Link Archer BE450 v1 and BE7200 v1 routers lets an admin-level user run arbitrary OS commands with elevated privileges via the web management interface. The flaw stems from improper input validation (CWE-20): crafted input supplied through the management UI is passed to backend system commands without adequate sanitization, enabling full device compromise. There is no public exploit identified at time of analysis, and the CVSS 4.0 vector scopes exploitation to the adjacent network by an already-authenticated administrator.

Command Injection Archer Be450 Firmware Archer Be7200 Firmware
NVD VulDB
CVSS 4.0
8.5
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Authenticated command injection in TP-Link Archer BE450 v1 and BE7200 v1 routers lets an admin-level user run arbitrary OS commands with elevated privileges via the web management interface. The flaw stems from improper input validation (CWE-20): crafted input supplied through the management UI is passed to backend system commands without adequate sanitization, enabling full device compromise. There is no public exploit identified at time of analysis, and the CVSS 4.0 vector scopes exploitation to the adjacent network by an already-authenticated administrator.

Command Injection Archer Be450 Firmware Archer Be7200 Firmware
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy