{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T00:26:55.984","vulnerabilities":[{"cve":{"id":"CVE-2026-0654","sourceIdentifier":"f23511db-6c3e-4e32-a477-6aa17d310630","published":"2026-03-02T18:16:25.983","lastModified":"2026-03-06T19:47:21.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command.  An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availability of the device.\nThis issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822."},{"lang":"es","value":"El manejo inadecuado de entradas en la interfaz web de administración de TP-Link Deco BE25 v1.0 permite que una entrada manipulada sea ejecutada como parte de un comando del sistema operativo. Un atacante adyacente autenticado puede ejecutar comandos arbitrarios a través de un archivo de configuración manipulado, impactando la confidencialidad, integridad y disponibilidad del dispositivo. Este problema afecta a Deco BE25 v1.0: hasta la 1.1.1 Build 20250822."}],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tp-link:deco_be25_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.1","matchCriteriaId":"BC0E4EDF-87AD-4298-80F6-4264F837BB28"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tp-link:deco_be25:1.0:*:*:*:*:*:*:*","matchCriteriaId":"D82E7278-1A07-4F82-A96B-F556D844AB28"}]}]}],"references":[{"url":"https://www.tp-link.com/en/support/download/deco-be25/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Product"]},{"url":"https://www.tp-link.com/sg/support/download/deco-be25/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Product"]},{"url":"https://www.tp-link.com/us/support/download/deco-be25/v1/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Product"]},{"url":"https://www.tp-link.com/us/support/faq/4993/","source":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Vendor Advisory"]}]}}]}