Description
An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Published: 2026-02-03
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Firmware
AI Analysis

Impact

An authenticated user with high privileges can trigger a denial‑of‑service on TP‑Link Archer BE230 by restoring a configuration file that contains an excessively long parameter. The restoration overflows internal buffers, rendering the router unresponsive until it is rebooted. The flaw is an input‑validation vulnerability, classified as CWE‑400, and limits availability to the affected device during the unresponsive period.

Affected Systems

TP‑Link Archer BE230 devices running firmware before version 1.2.4 Build 20251218 rel.70420 are vulnerable. Any device operating on firmware images older than this build, such as the v1.2 series, must be addressed.

Risk and Exploitability

The CVSS score of 6.8 places this vulnerability in the Medium severity range, while the EPSS score of less than 1% signals a very low current exploitation probability. It is not listed in the CISA KEV catalog. Exploitation requires authenticated access with administrative privileges, implying an internal or compromised configuration model rather than an unauthenticated network attack. The risk therefore concentrates on environments where privileged users can upload configuration files to an unpatched router.

Generated by OpenCVE AI on April 18, 2026 at 18:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install firmware version 1.2.4 or newer from the TP‑Link support site, then apply the update through the router’s web interface.
  • Reboot the router after the firmware installation.
  • If an update is not immediately available, monitor TP‑Link’s support site for the latest firmware releases that address this vulnerability and apply the update promptly when it becomes available.

Generated by OpenCVE AI on April 18, 2026 at 18:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Be230 Firmware
CPEs cpe:2.3:h:tp-link:archer_be230:1.20:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_be230_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Be230 Firmware
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Wed, 04 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Be230
Vendors & Products Tp-link
Tp-link archer Be230

Tue, 03 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
Description An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Title Improper Input Validation Leading to DoS on TP-Link Archer BE230
Weaknesses CWE-400
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L'}

Subscriptions

Tp-link Archer Be230 Archer Be230 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-02-04T18:28:42.403Z

Reserved: 2026-01-06T18:18:52.127Z

Link: CVE-2026-22228

cve-icon Vulnrichment

Updated: 2026-02-04T18:28:33.143Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-03T18:16:19.227

Modified: 2026-02-13T19:25:43.203

Link: CVE-2026-22228

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:45:05Z

Weaknesses