Black Duck Software Inc.

01/13/2026 | News release | Distributed by Public on 01/13/2026 13:09

NEW CyRC Advisory: High-severity vulnerability in TP-Link Archer BE400

Overview

The Black Duck Cybersecurity Research Center (CyRC) discovered a vulnerability while using Defensics® fuzzing with the 802.11 protocol test suites to validate recent IEEE 802.11be specification additions against the TP-Link Archer BE400 router. During testing, the router began rebooting repeatedly when exposed to certain anomaly test cases.

The vulnerability allows an attacker to make the access point unresponsive to all clients, terminating any ongoing connections. If data transmission to downstream systems is in progress, the data may become corrupted, or, at minimum, the transmission will be interrupted.

Exploitation Details

The vulnerability (CVE-2025-14631) can be exploited by sending a single malformed 802.11 frame over the air to a TP-Link Archer BE400 within wireless range. The attack does not require authentication and is effective regardless of the configured network security level (WPA2/WPA3), because the frame is handled before any key exchange takes place.

When the crafted frame is processed, the router encounters a NULL pointer dereference in its 802.11 frame-handling logic, causing an immediate reboot. Recovery takes approximately two minutes, during which all services are unavailable. The attacker can repeat the attack indefinitely, creating a sustained denial-of-service (DoS) condition.

Because the flaw resides in the low-level wireless protocol stack, the attack surface is limited to adjacent attackers with RF access, but the impact is significant: all client sessions are terminated and any ongoing data transmission may be interrupted or corrupted.
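Operators cannot see the malformed frame itself without a wireless capture, but the effect described above (a reboot lasting roughly two minutes, repeatable at will) is observable from the wired side. The following is an added example, not code from the advisory or from TP-Link, that detects such a reboot loop from periodic uptime polls of the router. It assumes you already record the router's reported uptime (for instance from SNMP sysUpTime or the admin page) every 30 seconds as (poll time, uptime) pairs, with None for polls that got no answer; the sample data is constructed to mimic the two-minute recovery the advisory describes, and the window and thresholds are assumptions to tune for your environment.

```python
"""Detect an access-point reboot loop from periodic uptime polls.

Added example; not from the Black Duck advisory or TP-Link. Assumes the router's
reported uptime is polled every POLL_S seconds and stored as (epoch_seconds, uptime)
tuples, with uptime None when the poll got no reply (router down or rebooting).
"""
from typing import List, Optional, Tuple

Sample = Tuple[float, Optional[float]]  # (poll time, reported uptime in seconds, or None)

POLL_S = 30.0        # assumed polling interval
TOLERANCE_S = 5.0    # slack for clock granularity between poller and router


def find_reboots(samples: List[Sample]) -> List[float]:
    """Return the poll timestamps at which a reboot is first observed.

    Between two answered polls the uptime counter must grow by at least the wall-clock
    time that elapsed. If it is smaller, the counter restarted, i.e. the device rebooted.
    Unanswered polls are skipped, so an outage that is NOT followed by a counter reset
    (a polling failure, not a crash) is not reported as a reboot.
    """
    reboots: List[float] = []
    last_good: Optional[Tuple[float, float]] = None
    for t, up in samples:
        if up is None:
            continue
        if last_good is not None:
            elapsed = t - last_good[0]
            if elapsed <= 0:
                raise ValueError("samples must be in increasing time order")
            if up + TOLERANCE_S < elapsed:
                reboots.append(t)
        last_good = (t, up)
    return reboots


def max_reboots_in_window(reboots: List[float], window_s: float) -> int:
    """Largest number of reboots whose timestamps fall within any window_s-wide span."""
    best = 0
    for i, start in enumerate(reboots):
        count = sum(1 for r in reboots[i:] if r - start <= window_s)
        best = max(best, count)
    return best


def is_reboot_loop(samples: List[Sample], window_s: float = 900.0, min_reboots: int = 3) -> bool:
    """Flag a crash/reboot loop: at least min_reboots resets inside window_s seconds.

    A single reset is a normal firmware update or power event; several in a short
    window match a repeated over-the-air trigger such as the one described in the advisory.
    """
    return max_reboots_in_window(find_reboots(samples), window_s) >= min_reboots


def build_constructed_samples() -> List[Sample]:
    """Constructed poll data (not a real capture): a router that has been up ~28 hours,
    then reboots three times, each reboot preceded by ~120 s of unreachability."""
    samples: List[Sample] = []
    t, up = 0.0, 100_000.0

    def answered_polls(n: int) -> None:
        nonlocal t, up
        for _ in range(n):
            samples.append((t, up))
            t += POLL_S
            up += POLL_S

    def outage_then_reboot() -> None:
        nonlocal t, up
        for _ in range(4):            # ~120 s with no answer while the router restarts
            samples.append((t, None))
            t += POLL_S
        up = 10.0                     # uptime counter has restarted

    answered_polls(10)                # stable period before the attack
    for _ in range(3):                # attacker repeats the frame three times
        outage_then_reboot()
        answered_polls(6)
    return samples


if __name__ == "__main__":
    data = build_constructed_samples()
    print("reboots observed at:", find_reboots(data))
    print("reboot loop:", is_reboot_loop(data))
```

Run against a real poller, a match on is_reboot_loop() is a reason to capture 802.11 management traffic near the router and to confirm the firmware is at or above the fixed build listed under Remediation.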

Specific technical details have been withheld to prevent widespread exploitation, which could severely impact network infrastructure and compromise the security and functionality of affected devices. The CyRC priority is to ensure the protection and stability of wireless networks while collaboratively working to responsibly disclose and address identified issues.

Affected software

Hardware: TP-Link Archer BE400 V1
Firmware version: 1.1.0 Build 20250710 rel.14914 or older.
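To decide whether a given unit is in the affected range, the version string shown in the router's admin interface has to be compared against the build quoted above. The following is an added example, not code from the advisory or from TP-Link, that parses the "X.Y.Z Build YYYYMMDD rel.NNNNN" format and compares it field by field. It assumes TP-Link orders releases by version number, then build date, then rel number, and that only hardware revision V1 is in scope, as the advisory states; the "fixed" version strings used in the usage examples are constructed for illustration, not actual TP-Link release numbers.

```python
"""Classify a TP-Link Archer BE400 firmware string against the advisory's affected range.

Added example; not from the Black Duck advisory or TP-Link. Assumption: releases are
ordered by (major, minor, patch), then build date, then rel number.
"""
import re
from typing import NamedTuple, Tuple

FW_RE = re.compile(
    r"^\s*(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"\s+Build\s+(?P<build>\d{8})"     # YYYYMMDD as printed in the admin UI
    r"\s+rel\.(?P<rel>\d+)\s*$",
    re.IGNORECASE,
)


class Firmware(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int   # YYYYMMDD, compares correctly as an integer
    rel: int

    def key(self) -> Tuple[int, int, int, int, int]:
        return (self.major, self.minor, self.patch, self.build, self.rel)


def parse_firmware(text: str) -> Firmware:
    """Parse e.g. '1.1.0 Build 20250710 rel.14914'; raise ValueError on anything else."""
    m = FW_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return Firmware(*(int(m.group(k)) for k in ("major", "minor", "patch", "build", "rel")))


# Last affected build, exactly as quoted in the advisory.
LAST_AFFECTED = parse_firmware("1.1.0 Build 20250710 rel.14914")


def classify(hardware: str, firmware: str) -> str:
    """Return 'affected', 'not affected' or 'unknown hardware revision'.

    Only Archer BE400 V1 is named in the advisory, so other revisions are reported as
    unknown rather than guessed at.
    """
    hw = " ".join(hardware.split()).upper()
    if not hw.startswith("ARCHER BE400") or not hw.endswith("V1"):
        return "unknown hardware revision"
    fw = parse_firmware(firmware)
    return "affected" if fw.key() <= LAST_AFFECTED.key() else "not affected"


if __name__ == "__main__":
    # Constructed inputs; the second is a hypothetical later build, not a real release.
    for fw in ("1.1.0 Build 20250710 rel.14914", "1.1.0 Build 20251119 rel.15200"):
        print(fw, "->", classify("Archer BE400 V1", fw))
```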

Impact

CVSS v4.0 score: 7.1 (High)

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Remediation

Download and update to the latest firmware version to fix this vulnerability.

https://www.tp-link.com/us/support/download/archer-be400/#Firmware

https://www.tp-link.com/en/support/download/archer-be400/v1/#Firmware

Discovery credit

Kari Hulkko from the CyRC discovered this vulnerability using the Defensics 802.11 AP test suite.

Black Duck would like to thank the TP-Link Product Security team for its responsiveness and cooperation.

Timeline

· August 20, 2025: Initial disclosure to TP-Link

· November 19, 2025: Fix received and verified with Defensics

· January 6, 2026: Advisory published by TP-Link

· xx, 2026: Advisory published by Black Duck

References

About CVSS

FIRST.Org, Inc (FIRST) is a nonprofit organization based in the U.S. that owns and manages CVSS. Membership in FIRST is not required to use or implement CVSS, but FIRST does require that any individual or organization give appropriate attribution when using CVSS. FIRST also states that any individual or organization publishing scores should follow its guidelines so that anyone can understand how a score was calculated.
Black Duck Software Inc. published this content on January 13, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on January 13, 2026 at 19:09 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]