Deco Be25 Firmware
Monthly
TP-Link Deco BE25 firmware versions 1.0 through 1.1.1 (Build 20250822) contain a path traversal vulnerability that allows authenticated adjacent network attackers to read arbitrary files or trigger denial of service without user interaction. The vulnerability affects the web module component and requires local network access with valid credentials to exploit. No patch is currently available for this high-severity flaw (CVSS 8.0).
Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.
TP-Link Deco BE25 firmware versions 1.0 through 1.1.1 (Build 20250822) contain a path traversal vulnerability that allows authenticated adjacent network attackers to read arbitrary files or trigger denial of service without user interaction. The vulnerability affects the web module component and requires local network access with valid credentials to exploit. No patch is currently available for this high-severity flaw (CVSS 8.0).
Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.