Archer Be230 Firmware CVE-2026-0630
HIGHCVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
AnalysisAI
Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, achieving full administrative control. This command injection vulnerability compromises device configuration, network security, and service availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify and inventory all TP-Link Archer BE230 v1.2 devices in production. Within 7 days: Apply available vendor patch to all affected devices during maintenance windows. …
Sign in for detailed remediation steps.
More from same product – last 7 days
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac
Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept a
Share
External POC / Exploit Code
Leaving vuln.today