The vulnerability is an OS command injection that can be triggered after the administrator authenticates to the VPN server configuration module on the TP‑Link Archer BE230 router. An attacker who gains access to the authentication session can inject arbitrary shell commands, effectively gaining full administrative control of the device. This could lead to complete compromise of configuration integrity, network security, and service availability. The weakness is classified as CWE‑78, which reflects improper validation of command strings.

The affected product is the TP‑Link Archer BE230 v1.2 router. Firmware versions earlier than 1.2.4 (Build 20251218 rel.70420) are impacted. Versions of the firmware released at or beyond 1.2.4 have the fix applied. The issue only applies to routers running the default firmware image provided by TP‑Link. No other vendors or products are affected.

The CVSS score of 8.5 places this vulnerability in the high severity range. EPSS indicates a very low exploitation probability (<1%), and it is not currently listed as a known exploited vulnerability in the KEV catalog. Successful exploitation requires prior administrative authentication to the VPN configuration interface, so it is not a pure remote attack but still represents a significant risk if credentials are compromised or the router is otherwise exposed. Attackers would send a specially crafted request after logging in, causing the router to execute arbitrary OS commands with root privileges. Patching the firmware is the only definitive fix, but in the interim disabling the VPN server or monitoring traffic for anomalous command injection attempts can reduce risk.