
CVE-2026-5509

Severity: High
Weakness Type: CWE-20
Published: May 27, 2026  ·  Modified: Jun 3, 2026  ·  Source: NVD
CVSS v3: 7.2
📄 Description (English)

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the browser’s developer console by supplying a crafted input that is passed to backend system commands without adequate sanitization.

Successful exploitation enables execution of arbitrary commands with elevated privileges on the device, which may allow the attacker to start unauthorized services, modify system configuration, or otherwise fully compromise the router’s operating environment.

🤖 AI Executive Summary

An authenticated command injection vulnerability in Archer BE450 v1 and BE7200 v1 routers allows administrators to execute arbitrary system commands through the web management interface. Exploitation requires valid admin credentials but enables full device compromise with elevated privileges.

📄 Description (translated from Arabic)

This vulnerability affects Archer BE450 and BE7200 version 1 routers and allows execution of arbitrary system commands after authentication. An attacker can use the browser console to enter malformed data that is passed to backend system commands without adequate sanitization. Successful exploitation leads to full compromise of the device with elevated privileges.

🤖 AI Executive Summary (translated from Arabic)

An authenticated command injection vulnerability in Archer BE450 v1 and BE7200 v1 routers allows administrators to execute arbitrary system commands through the web management interface. Exploitation requires valid administrator credentials but enables full compromise of the device with elevated privileges.

🤖 AI Intelligence Analysis (analyzed: Jun 2, 2026 18:04)
🇸🇦 Saudi Arabia Impact Assessment
Saudi Relevance: high
🏢 Affected Saudi Sectors: telecom, government, banking, energy
⚖️ Saudi Risk Score (AI): 7.0 / 10.0
🔧 Remediation Steps (English)
Update Archer BE450 v1 and BE7200 v1 routers to patched firmware versions immediately. Restrict administrative access to trusted networks using firewall rules. Implement strong authentication mechanisms and monitor admin interface logs for suspicious activity. Disable remote management if not required.
🔧 Remediation Steps (translated from Arabic)
Update Archer BE450 v1 and BE7200 v1 routers to the patched firmware versions immediately. Restrict administrative access to trusted networks using firewall rules. Apply strong authentication mechanisms and monitor admin interface logs for suspicious activity. Disable remote management if it is not required.
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024: 5.1.1, 5.2.1, 5.2.2, 5.3.1
🔵 SAMA CSF: ID.AM-2, PR.AC-1, PR.AC-4, DE.CM-1
🟡 ISO 27001:2022: A.9.2.1, A.9.2.5, A.9.4.3, A.12.4.1
📦 Affected Products / CPE (2 entries)
tp-link:archer_be450_firmware
tp-link:archer_be7200_firmware
📊 CVSS Score: 7.2 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: H — High
User Interaction: N — None
Scope: U — Unchanged
Confidentiality: H — High
Integrity: H — High
Availability: H — High
📋 Quick Facts
Severity: High
CVSS Score: 7.2
CWE: CWE-20
EPSS: 0.43%
Exploit: No
Patch: ✗ No
Published: 2026-05-27
Source Feed: nvd
🇸🇦 Saudi Risk Score: 7.0 / 10.0 (Priority: HIGH)
🏷️ Tags
CWE-20