Archer Be230 Firmware
CVE-2026-22228
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
AnalysisAI
TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an authenticated high-privilege user restores a specially crafted configuration file with excessively long parameters. The malicious configuration causes the device to become unresponsive and requires a manual reboot to restore functionality. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-400 (Uncontrolled Resource Consumption). Affects Archer Be230 Firmware. An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Archer Be230 Firmware
View allArbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated ad
Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to
Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware
Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmwar
Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent ne
TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration fu
Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute
TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface t
Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitra
TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request process
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allShare
External POC / Exploit Code
Leaving vuln.today