Primary

Context

TP-Link Deco BE65 Pro OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in the TP-Link Deco BE65 Pro firmware versions prior to 'Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123'. This vulnerability allows users with login access to the device to execute arbitrary OS commands.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of OS commands on the affected device.

Remediation

Users are advised to update the firmware to the latest version. The updated version 'Deco BE65 Pro(JP)_V1_1.1.3 Build 20250403' is available for download on the TP-Link support page for the Deco BE65 Pro.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Deco BE65 Pro OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating