OS Command Injection Vulnerability in Deco BE65 Pro Firmware by TP-Link
CVE-2025-32107
8 HIGH
Key Information:
- Vendor: TP-Link Corporation Limited
- Product: Deco BE65 Pro
- CVE Published: 11 April 2025
Summary
An OS command injection vulnerability has been identified in the Deco BE65 Pro firmware versions prior to Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123. This flaw allows authenticated users to execute arbitrary OS commands on the device, potentially compromising the security and integrity of the system. Device administrators are advised to upgrade to the latest firmware to mitigate this risk.
Affected Version(s)
Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123"
CVSS V3.0
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved