Cyber Resilience

CVE-2026-5509

Severity: High
Published: 27 May 2026
Modified: 02 June 2026
KEV Added:
Patch:
CVSS v4 score: 8.5 (vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0246 (82.4th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5509 is a high-severity Improper Input Validation (CWE-20) vulnerability in TP-Link Archer BE450 firmware. Its CVSS v4 base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 17.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 routers that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the browser's developer console by supplying a crafted input that is passed to backend system commands without adequate sanitization. Successful exploitation enables execution of arbitrary commands with elevated privileges on the device, which may allow the attacker to start unauthorized services, modify system configuration, or otherwise fully compromise the router's operating environment.
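The weakness described above is an administrator-supplied value reaching a backend system command without validation. The C program below is an added illustration written for this page; it is not TP-Link code and is not derived from the affected firmware. It contrasts the unsafe "splice the value into a shell string" pattern with a handler that validates the value against a hostname/IP allowlist and then runs the tool through an argv array with no shell involved. The `ping` diagnostic, the `host` parameter and every function name are assumptions chosen for the example.

```c
/* Added example (not TP-Link code): validating an admin-supplied value
 * before it reaches a system command, and executing the command without
 * a shell. The "ping" diagnostic and the host parameter are assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define MAX_HOST_LEN 253   /* maximum length of a DNS hostname */

/* Unsafe pattern (the shape of a CWE-20 / command injection bug): the
 * unvalidated value is spliced into a shell command line that would then
 * be handed to system(). Kept only for contrast; nothing here executes it. */
int render_shell_command_unsafe(const char *host, char *out, size_t outlen)
{
    return snprintf(out, outlen, "ping -c 4 %s", host);
}

/* Allowlist of characters that can appear in a hostname or IP literal.
 * Explicit ASCII ranges are used rather than isalnum() so the check does
 * not depend on the process locale. */
static int is_host_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '-' || c == ':';
}

/* Reject empty, overlong or non-allowlisted input. A leading '-' is also
 * rejected because the tool would otherwise parse the value as an option. */
int is_valid_host(const char *host)
{
    size_t len, i;
    if (host == NULL) return 0;
    len = strlen(host);
    if (len == 0 || len > MAX_HOST_LEN) return 0;
    if (host[0] == '-') return 0;
    for (i = 0; i < len; i++) {
        if (!is_host_char((unsigned char)host[i])) return 0;
    }
    return 1;
}

/* Build a fixed argv for execvp(): tool and options are constants and the
 * validated host is exactly one argument. Returns 0, or -1 if validation
 * fails (argv_out must have room for 5 entries). */
int build_ping_argv(const char *host, char *argv_out[5])
{
    if (!is_valid_host(host)) return -1;
    argv_out[0] = "ping";
    argv_out[1] = "-c";
    argv_out[2] = "4";
    argv_out[3] = (char *)host;
    argv_out[4] = NULL;
    return 0;
}

/* Hardened handler: validate, then fork and execvp the argv array. Returns
 * the child's exit status, or -1 on validation, fork or exec failure. */
int run_ping_diagnostic(const char *host)
{
    char *argv[5];
    pid_t pid;
    int status;
    if (build_ping_argv(host, argv) != 0) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs; no command is executed here. */
    const char *samples[] = { "192.0.2.1", "router.example", "2001:db8::1",
                              "192.0.2.1; echo hi", "-f", "" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-20s -> %s\n", samples[i],
               is_valid_host(samples[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```

The allowlist is the control that the CWE-20 mapping below refers to: the value is checked for what it may contain before any processing, and because the tool is started from an argv array rather than a shell string, a value that somehow survived validation still cannot introduce a second command. Rejecting a leading dash closes the related option-injection case that a pure metacharacter filter would miss.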

CWE(s)

CWE-20: Improper Input Validation

Related Threats

MITRE ATT&CK Enterprise Techniques (AI mapping)

T1190 Exploit Public-Facing Application (Initial Access)
  Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.008 Network Device CLI (Execution)
  Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

Authenticated command injection in the web management interface directly enables T1190 (exploiting a public-facing application) and T1059.008 (arbitrary commands via the network device CLI).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15607 (same vendor: TP-Link)
CVE-2025-6542 (same vendor: TP-Link)
CVE-2025-14756 (same vendor: TP-Link)
CVE-2026-1315 (same vendor: TP-Link)
CVE-2025-15606 (same vendor: TP-Link)
CVE-2026-1668 (same vendor: TP-Link)
CVE-2025-9014 (same vendor: TP-Link)
CVE-2025-15518 (same vendor: TP-Link)
CVE-2025-25897 (same vendor: TP-Link)
CVE-2025-15519 (same vendor: TP-Link)

Affected Assets

TP-Link Archer BE450 firmware, versions ≤ 1.3.0
TP-Link Archer BE7200 firmware, versions ≤ 1.3.0

Mitigating Controls

Likely Mitigating Controls (AI mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

(addresses CWE-20) Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

(addresses CWE-20) Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

(addresses CWE-20) Directly implements checks on information inputs to reject invalid data before processing.

(addresses CWE-20) Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References