Description
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the browser’s developer console by supplying a crafted input that is passed to backend system commands without adequate sanitization.

Successful exploitation enables execution of arbitrary commands with elevated privileges on the device, which may allow the attacker to start unauthorized services, modify system configuration, or otherwise fully compromise the router’s operating environment.
Published: 2026-05-27
Score: 8.5 High
EPSS: 2.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated command injection flaw is present in the web management interface of the Archer BE450 v1 and BE7200 V1 routers. After login, a user can manipulate the browser’s developer console to inject payloads that bypass input sanitization. The injection delivers arbitrary shell commands with elevated privileges, enabling full compromise of the router’s operating system, such as starting unauthorized services, modifying configuration, or tampering with network traffic. The vulnerability is identified as CWE-20 input validation failure as well as CWE-77 command injection.

Affected Systems

TP‑Link Archer BE450 version 1 and TP‑Link Archer BE7200 version 1 are affected. No additional product versions are listed in the CNA data, so only these hardware models and firmware releases are considered at risk.

Risk and Exploitability

The flaw has a CVSS score of 8.5, indicating high severity. Exploitation requires authenticated administrative access to the router, suggesting the attack vector is local networks with admin credentials, though remote exploitation is possible if an attacker obtains those credentials. The EPSS score of 2% indicates a relatively low exploitation probability, and the lack of KEV listing further reduces the likelihood of widespread exploitation. Nonetheless, the ability to execute privileged commands provides a clear path to full device compromise, warranting immediate attention.

Generated by OpenCVE AI on June 16, 2026 at 12:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest version released by TP‑Link that addresses the command injection flaw
  • Restrict administrative access to the router to a local network or trusted devices to reduce exposure to the web interface
  • Consider disabling the developer console or enforcing stricter browser security policies to limit the injection surface

Generated by OpenCVE AI on June 16, 2026 at 12:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 02 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Be450
Tp-link archer Be450 Firmware
Tp-link archer Be7200
Tp-link archer Be7200 Firmware
Weaknesses CWE-77
CPEs cpe:2.3:h:tp-link:archer_be450:1.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_be7200:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_be450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_be7200_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Be450
Tp-link archer Be450 Firmware
Tp-link archer Be7200
Tp-link archer Be7200 Firmware
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Be450 V1
Tp-link archer Be7200 V1
Vendors & Products Tp-link
Tp-link archer Be450 V1
Tp-link archer Be7200 V1

Wed, 27 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the browser’s developer console by supplying a crafted input that is passed to backend system commands without adequate sanitization. Successful exploitation enables execution of arbitrary commands with elevated privileges on the device, which may allow the attacker to start unauthorized services, modify system configuration, or otherwise fully compromise the router’s operating environment.
Title Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Archer Be450 Archer Be450 Firmware Archer Be450 V1 Archer Be7200 Archer Be7200 Firmware Archer Be7200 V1
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-06-02T20:13:19.863Z

Reserved: 2026-04-03T16:59:38.570Z

Link: CVE-2026-5509

cve-icon Vulnrichment

Updated: 2026-05-27T17:59:17.671Z

cve-icon NVD

Status : Modified

Published: 2026-05-27T18:16:29.050

Modified: 2026-06-02T21:16:28.637

Link: CVE-2026-5509

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T12:45:16Z

Weaknesses
  • CWE-20

    Improper Input Validation

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')