Description
A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.

This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.


This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 < 1.5.3 Build 20260209 rel. 71108.
Published: 2026-02-02
Score: 8.5 High
EPSS: 2.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection flaw exists in the VPN Connection Service of certain TP‑Link routers, allowing an authenticated administrator to run arbitrary operating‑system commands with full device privileges. This weakness can compromise the configuration integrity, network security, and overall availability of the affected network device. The vulnerability is classified as an OS command injection (CWE‑78). Based on the description, the vulnerability can be exploited only after an attacker obtains administrative credentials to the router’s management interface.

Affected Systems

The vulnerability affects TP‑Link Archer BE230 firmware versions earlier than 1.2.4 Build 20251218 rel.70420 and TP‑Link Archer AX53 firmware versions earlier than 1.5.3 Build 20260209 rel.71108, as identified by vendor listings. No other models are explicitly mentioned in the official advisory.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, while the EPSS score is reported as 3 % and the flaw is not listed in CISA’s KEV catalog, suggesting that exploitation in the wild is currently low. Attackers who possess or compromise administrator credentials can exploit the VPN Connection Service to execute commands with system privileges, effectively taking over the device. The risk remains high if administrative access can be obtained, but the likelihood of a public attack appears low at this time.

Generated by OpenCVE AI on June 18, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest version that includes the fix (e.g., firmware 1.2.4 Build 20251218 rel.70420 or later for Archer BE230 and firmware 1.5.3 Build 20260209 or later for Archer AXE75).
  • If an immediate firmware update cannot be performed, disable the VPN Connection Service or block external access to it through the router’s firewall or web‑interface settings to prevent exploitation of the vulnerable API.
  • Change the device’s administrator password to a strong, unique value and enable two‑factor authentication if the router supports it to reduce the chance of credential theft.
  • Regularly review the router’s logs for any unexpected login attempts or abnormal command executions and apply network segmentation to isolate the device from critical infrastructure.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
Description
  Removed: A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
  Added: A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 < 1.5.3 Build 20260209 rel. 71108.
Title
  Removed: Command Injection Vulnerability on TP-Link Archer BE230 v1.2
  Added: Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0
References

Fri, 06 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Be230 Firmware
CPEs cpe:2.3:h:tp-link:archer_be230:1.20:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_be230_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Be230 Firmware
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 04 Feb 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Be230
Vendors & Products Tp-link
Tp-link archer Be230

Mon, 02 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Title Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-19T22:22:43.155Z

Reserved: 2026-01-06T18:18:52.127Z

Link: CVE-2026-22225

Vulnrichment

Updated: 2026-02-02T18:54:31.397Z

NVD

Status: Modified

Published: 2026-02-02T18:16:15.273

Modified: 2026-06-17T10:19:35.160

Link: CVE-2026-22225

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T05:30:15Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')