Archer Be230 Firmware
CVE-2026-22224
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
AnalysisAI
TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface that allows authenticated administrators to execute arbitrary commands with full device privileges. An attacker who compromises an admin account can gain complete control over the router, compromising its configuration, network security, and availability. A patch is available for versions prior to 1.2.4 Build 20251218 rel.70420.
Technical ContextAI
Classified as CWE-78 (OS Command Injection). Affects the cloud communication component of Archer Be230 Firmware. A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each
RemediationAI
A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.
More in Archer Be230 Firmware
View allArbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated ad
Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to
Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware
Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmwar
Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent ne
TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration fu
Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute
Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitra
TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an auth
TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request process
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today