Archer Be450 Firmware
Monthly
Authenticated command injection in TP-Link Archer BE450 v1 and BE7200 v1 routers lets an admin-level user run arbitrary OS commands with elevated privileges via the web management interface. The flaw stems from improper input validation (CWE-20): crafted input supplied through the management UI is passed to backend system commands without adequate sanitization, enabling full device compromise. There is no public exploit identified at time of analysis, and the CVSS 4.0 vector scopes exploitation to the adjacent network by an already-authenticated administrator.
Authenticated command injection in TP-Link Archer BE450 v1 and BE7200 v1 routers lets an admin-level user run arbitrary OS commands with elevated privileges via the web management interface. The flaw stems from improper input validation (CWE-20): crafted input supplied through the management UI is passed to backend system commands without adequate sanitization, enabling full device compromise. There is no public exploit identified at time of analysis, and the CVSS 4.0 vector scopes exploitation to the adjacent network by an already-authenticated administrator.