Description
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent

authenticated

attacker

execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.

This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Published: 2026-02-02
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An OS Command Injection flaw exists in the VPN modules of TP‑Link Archer BE230 firmware 1.2, allowing an authenticated attacker within the local network to execute arbitrary shell commands. The attacker could obtain full administrative control, which can compromise the device’s configuration, disrupt network traffic, and potentially expose sensitive information. This vulnerability is classified as CWE‑78, indicating that untrusted input is passed to the operating system for execution without proper sanitization.

Affected Systems

The flaw affects TP‑Link Systems Inc. Archer BE230 routers running firmware version 1.2 and any subsequent 1.2.x release up to but not including 1.2.4 (Build 20251218 rel.70420). Devices with older or unpatched firmware in this range are vulnerable.

Risk and Exploitability

The CVSS base score of 8.5 marks this issue as highly severe. The EPSS score is below 1%, suggesting a low current exploitation rate, and the vulnerability is not listed in CISA’s KEV catalog. Attack requires local or adjacent authenticated access, and while no public exploit has been reported, the presence of a command injection vector means any compromised account can elevate privileges or trigger arbitrary code execution.

Generated by OpenCVE AI on April 18, 2026 at 14:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Archer BE230 router to firmware version 1.2.4 or newer, which contains the fix for this command injection flaw.
  • Download the latest firmware from TP‑Link’s support site and apply it using the vendor’s documented flashing procedure.
  • Monitor system logs for evidence of unauthorized command execution and block any IP addresses that attempt to exploit the vulnerable endpoint.
  • Restrict remote management access to trusted IP addresses or VPN connections, and consider disabling the VPN modules if they are not required until the device is fully patched.

Generated by OpenCVE AI on April 18, 2026 at 14:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Be230 Firmware
CPEs cpe:2.3:h:tp-link:archer_be230:1.20:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_be230_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Be230 Firmware
Metrics cvssV3_1

{'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 04 Feb 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Be230
Vendors & Products Tp-link
Tp-link archer Be230

Mon, 02 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
Description An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Title Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}

Subscriptions

Tp-link Archer Be230 Archer Be230 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-02-26T15:04:33.784Z

Reserved: 2026-01-06T18:18:52.126Z

Link: CVE-2026-22221

cve-icon Vulnrichment

Updated: 2026-02-02T18:51:17.241Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-02T18:16:14.740

Modified: 2026-02-06T18:36:03.140

Link: CVE-2026-22221

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:30:02Z

Weaknesses