Description
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent

authenticated

attacker

execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.

This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Published: 2026-02-02
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution (full administrative control)
Action: Immediate Patch
AI Analysis

Impact

An OS Command Injection vulnerability in the VPN modules of the TP‑Link Archer BE230 allows an attacker who has authenticated access to execute arbitrary shell commands on the device. Successful exploitation results in full administrative control, undermining configuration integrity, network security, and service availability.

Affected Systems

TP‑Link Archer BE230 routers running firmware v1.20 and versions earlier than 1.2.4 (Build 20251218 rel.70420). The affected product is the Archer BE230 v1.2 as listed by TP‑Link System Inc.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.5, indicating a high severity rating. The EPSS score is below 1%, suggesting a low likelihood of active exploitation at present, and the issue is not catalogued in CISA’s KEV. Exploitation requires authenticated access, likely through the VPN interface, so privileged local or network access is needed to leverage the flaw. Once executed, an attacker can gain unrestricted command execution.

Generated by OpenCVE AI on April 18, 2026 at 00:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware release that addresses the command injection flaw (e.g., firmware version 1.2.4 or later).
  • If immediate firmware update is not possible, block external management traffic to the router’s admin and VPN interfaces, limiting access to trusted local devices only.
  • Disable or restrict the VPN module and any remote configuration services until a patch is applied.

Generated by OpenCVE AI on April 18, 2026 at 00:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Be230 Firmware
CPEs cpe:2.3:h:tp-link:archer_be230:1.20:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_be230_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Be230 Firmware
Metrics cvssV3_1

{'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 04 Feb 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Be230
Vendors & Products Tp-link
Tp-link archer Be230

Mon, 02 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
Description An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Title Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}

Subscriptions

Tp-link Archer Be230 Archer Be230 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-02-26T15:04:32.609Z

Reserved: 2026-01-06T18:18:52.127Z

Link: CVE-2026-22223

cve-icon Vulnrichment

Updated: 2026-02-02T18:33:12.666Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-02T18:16:15.007

Modified: 2026-02-06T18:34:34.877

Link: CVE-2026-22223

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T00:45:32Z

Weaknesses