Description
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.0 allows adjacent

authenticated

attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.

This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 <
1.5.3 Build 20260209 rel. 71108.
Published: 2026-02-02
Score: 8.5 High
EPSS: 1.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An OS Command Injection flaw in the web modules of TP‑Link Archer BE230 v1.2 and Archer AXE75 v1.0 allows an authenticated user to inject arbitrary operating‑system commands. Successful exploitation can give the attacker full administrative control over the device, enabling configuration tampering, network compromise, and availability disruption. The vulnerability is identified as CWE‑78.

Affected Systems

The vulnerability affects TP‑Link Archer BE230 firmware versions up to but not including 1.2.4 Build 20251218 rel.70420 – specifically versions 1.2.0 through 1.2.3 – and TP‑Link Archer AXE75 firmware versions prior to 1.5.3 Build 20260209 rel.71108. The affected models are the Archer BE230 and the AXE75 series.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity flaw. The EPSS score of 1 % suggests a low current exploitation likelihood. The attack requires an authenticated session within the router’s web interface, so the main risk is to routers that expose the management interface to local or remote users. The vulnerability is not listed in the CISA KEV catalog. If remote management is enabled or the device is reachable from the broader network, the risk increases, and administrators should consider immediate remediation.

Generated by OpenCVE AI on June 18, 2026 at 05:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update (v1.20 or later) to Archer BE230 or the latest firmware for AXE75 that includes the fix for the command injection flaw.
  • Disable or restrict remote management of the router, allowing access only from trusted internal IP addresses or via VPN connections.
  • Enforce strong, unique passwords and enable two‑factor authentication for the router’s administrative interface to limit the impact of any future authenticated exploitation.

Generated by OpenCVE AI on June 18, 2026 at 05:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
Description An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 < 1.5.3 Build 20260209 rel. 71108.
Title Command Injection Vulnerability on TP-Link Archer BE230 v1.2 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0
References

Fri, 06 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Be230 Firmware
CPEs cpe:2.3:h:tp-link:archer_be230:1.20:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_be230_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Be230 Firmware
Metrics cvssV3_1

{'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 04 Feb 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Be230
Vendors & Products Tp-link
Tp-link archer Be230

Mon, 02 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
Description An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Title Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}


Subscriptions

Tp-link Archer Be230 Archer Be230 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-19T22:22:37.773Z

Reserved: 2026-01-06T00:07:44.620Z

Link: CVE-2026-0630

cve-icon Vulnrichment

Updated: 2026-02-02T18:48:03.683Z

cve-icon NVD

Status : Modified

Published: 2026-02-02T18:16:13.403

Modified: 2026-06-17T10:11:06.810

Link: CVE-2026-0630

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:30:15Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')