What is the CVSS score of CVE-2026-22221?

CVE-2026-22221 has a CVSS 3.1 base score of 8.0 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Archer Be230 Firmware are affected by CVE-2026-22221?

A HIGH severity command injection vulnerability in TP-Link Archer BE230 routers (v1.2 with VPN modules) allows authenticated attackers to execute arbitrary code, potentially compromising network…. A patch is available.

Archer Be230 Firmware CVE-2026-22221

Q: How to fix or mitigate CVE-2026-22221?

Within 24 hours: Identify all TP-Link Archer BE230 v1.2 devices in your environment and document their locations and criticality. Within 7 days: Apply the available vendor patch to all affected devices, prioritizing internet-facing and high-value network segments. Within 30 days: Verify patch deployment across all instances and confirm successful remediation through vendor-supplied validation methods.

HIGH

OS Command Injection (CWE-78)

2026-02-02 f23511db-6c3e-4e32-a477-6aa17d310630

Command Injection TP-Link Archer Be230 Firmware

8.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:01 vuln.today

Patch released

Feb 06, 2026 - 18:36 nvd

Patch available

CVE Published

Feb 02, 2026 - 18:16 nvd

HIGH 8.0

DescriptionNVD

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent

authenticated

attacker

execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.

This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

AnalysisAI

Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, gaining full administrative control and compromising device configuration and network security. This command injection vulnerability exists across multiple distinct code paths within the VPN module functionality. …

RemediationAI

Within 24 hours: Identify all TP-Link Archer BE230 v1.2 devices in your environment and document their locations and criticality. Within 7 days: Apply the available vendor patch to all affected devices, prioritizing internet-facing and high-value network segments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory