← Back

Deco Be25 Firmware

deco_be25_firmware

Vendor: Tp Link • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-0655
1Tp Link
1Deco Be25 Firmware
Mar 6, 2026
Mar 2, 2026
6.9 MEDIUM· v4
8.0 HIGH· v3
N/A· v2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of servi...Show more
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service.  This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.Show less
CVE-2026-0654
1Tp Link
1Deco Be25 Firmware
Mar 6, 2026
Mar 2, 2026
8.5 HIGH· v4
8.0 HIGH· v3
N/A· v2
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via c...Show more
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availability of the device. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.Show less