Description
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Published: 2026-02-03
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service on the device's web interface
Action: Apply patch
AI Analysis

Impact

The vulnerability arises from improper input validation in the HTTP processing path of TP‑Link Archer BE230 firmware v1.2. A specially crafted request can cause the web service to hang, rendering the web interface unresponsive until the device recovers or is rebooted. This results in a denial of service that affects availability of the administrative interface, and is classified as CWE‑20.

Affected Systems

TP‑Link Archer BE230 devices running firmware v1.2 prior to 1.2.4 (Build 20251218 rel.70420). Any device within the local network that exposes the web interface is potentially affected.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a local network attacker with high privileges, inferred from the need for the attacker to be network adjacent and able to send crafted HTTP requests to the device.

Generated by OpenCVE AI on April 18, 2026 at 14:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Archer BE230 firmware to version 1.2.4 or later from TP‑Link’s official website.
  • Restart the device after the firmware update to ensure the web service is properly refreshed.
  • Configure network firewalls to restrict access to the web interface to trusted management hosts only, limiting exposure to local attackers.



Advisories

No advisories yet.

History

Fri, 13 Feb 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tp-link archer Be230 Firmware |
| CPEs | | cpe:2.3:h:tp-link:archer_be230:1.20:\*:\*:\*:\*:\*:\*:\*<br>cpe:2.3:o:tp-link:archer_be230_firmware:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Tp-link archer Be230 Firmware |
| Metrics | | cvssV3_1: {'score': 4.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'} |


Wed, 04 Feb 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 04 Feb 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tp-link<br>Tp-link archer Be230 |
| Vendors & Products | | Tp-link<br>Tp-link archer Be230 |

Tue, 03 Feb 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
| Title | | Improper Input Validation Leading to DoS on TP-Link Archer BE230 |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV4_0: {'score': 6.8, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-02-04T18:32:13.840Z

Reserved: 2026-01-06T18:18:52.126Z

Link: CVE-2026-22220

Vulnrichment

Updated: 2026-02-04T18:31:58.932Z

NVD

Status: Analyzed

Published: 2026-02-03T18:16:19.077

Modified: 2026-02-13T19:26:51.867

Link: CVE-2026-22220

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T14:15:04Z

Weaknesses