Path Traversal Vulnerability in TP-Link Deco BE25 by TP-Link
CVE-2026-0655

6.9MEDIUM

Key Information:

Vendor

Tp-link Systems Inc.

Status
Deco Be25 V1.0
Vendor
CVE Published:
2 March 2026

What is CVE-2026-0655?

The TP-Link Deco BE25 v1.0 contains a flaw that allows an authenticated adjacent attacker to exploit a path traversal vulnerability, enabling them to read arbitrary files on the system. This could lead to unauthorized data exposure or potentially a denial of service for affected users. It is crucial for users to implement security updates and patches to safeguard their devices from these types of vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Deco BE25 v1.0 0 <= 1.1.1 Build 20250822

References

https://www.tp-link.com/sg/support/download/deco-be25/#Fi...
patch
https://www.tp-link.com/en/support/download/deco-be25/#Fi...
patch
https://www.tp-link.com/us/support/download/deco-be25/v1/...
patch

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jro
JSON
.