NULL Pointer Dereference Vulnerability in TP-Link Archer BE400
CVE-2025-14631

7.1HIGH

Key Information:

Vendor

Tp-link Systems Inc.

Status
Archer Be400
Vendor
CVE Published:
7 January 2026

What is CVE-2025-14631?

A NULL Pointer Dereference vulnerability in the TP-Link Archer BE400 V1 affects the 802.11 modules, allowing adjacent attackers to initiate a denial-of-service (DoS) attack, which results in the device unexpectedly rebooting. This vulnerability primarily impacts the Archer BE400 in version xi 1.1.0 Build 20250710 rel.14914, posing significant risks to device availability and functionality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Archer BE400 0 <= 1.1.0 Build 20250710 rel.14914

References

https://www.tp-link.com/en/support/download/archer-be400/...
patch
https://www.tp-link.com/us/support/download/archer-be400/...
patch
https://www.tp-link.com/us/support/faq/4871/
vendor-advisory

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kari Hulkko of Black Duck Cybersecurity Research Center (CyRC)
JSON
.