Skip to main content

Archer Be230 Firmware CVE-2026-22220

MEDIUM
Improper Input Validation (CWE-20)
2026-02-03 f23511db-6c3e-4e32-a477-6aa17d310630
4.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.5 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 18:16 nvd
MEDIUM 4.5

DescriptionCVE.org

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

AnalysisAI

TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request processing, allowing a network-adjacent attacker with high privileges to crash the web service. An attacker exploiting this vulnerability can render the device's web interface temporarily unavailable until manual recovery or reboot occurs. No patch is currently available.

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). Affects the a denial of component of Archer Be230 Firmware. A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2026-22223 HIGH
8.0 Feb 02

Arbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated ad

CVE-2026-22221 HIGH
8.0 Feb 02

Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to

CVE-2026-0631 HIGH
8.0 Feb 02

Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware

CVE-2026-0630 HIGH
8.0 Feb 02

Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmwar

CVE-2026-22222 HIGH
8.0 Feb 02

Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent ne

CVE-2026-22227 HIGH
7.2 Feb 02

TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration fu

CVE-2026-22225 HIGH
7.2 Feb 02

Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute

CVE-2026-22224 HIGH
7.2 Feb 02

TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface t

CVE-2026-22229 HIGH
7.2 Feb 02

Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitra

CVE-2026-22228 MEDIUM
4.9 Feb 03

TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an auth

Share

CVE-2026-22220 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy