Archer Be230 Firmware
CVE-2026-22220
MEDIUM
Severity by source
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
AnalysisAI
TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request processing, allowing a network-adjacent attacker with high privileges to crash the web service. An attacker exploiting this vulnerability can render the device's web interface temporarily unavailable until manual recovery or reboot occurs. No patch is currently available.
Technical ContextAI
Classified as CWE-20 (Improper Input Validation). Affects the a denial of component of Archer Be230 Firmware. A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
RemediationAI
Monitor vendor advisories for a patch.
More in Archer Be230 Firmware
View allArbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated ad
Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to
Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware
Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmwar
Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent ne
TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration fu
Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute
TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface t
Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitra
TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an auth
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today