OS Command Injection Vulnerability in Deco BE65 Pro Firmware by TP-Link
CVE-2025-32107

8 HIGH

Key Information:

Vendor: TP-Link Corporation Limited
Product: Deco BE65 Pro
CVE Published: 11 April 2025

Summary

An OS command injection vulnerability has been identified in the Deco BE65 Pro firmware versions prior to Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123. This flaw allows authenticated users to execute arbitrary OS commands on the device, potentially compromising the security and integrity of the system. Device administrators are advised to upgrade to the latest firmware to mitigate this risk.

Affected Version(s)

Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123"

CVSS V3.0

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
