CVE-2025-14631
MEDIUMTP-Link Archer BE400 < 1.1.0 - Denial of Service via NULL Pointer Dereference
Title source: llmDescription
A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.
References (3)
Core 3
Core References
Various Sources patch
https://www.tp-link.com/en/support/download/archer-be400/v1/#Firmware
Various Sources patch
https://www.tp-link.com/us/support/download/archer-be400/#Firmware
Various Sources vendor-advisory
https://www.tp-link.com/us/support/faq/4871/
Scores
CVSS v3
6.5
EPSS
0.0003
EPSS Percentile
8.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (1)
tp-link/archer_be400_firmware
< 1.1.0
Published
Jan 07, 2026
Tracked Since
Feb 18, 2026