Skip to main content

Archer Be230 Firmware CVE-2026-22228

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2026-02-03 f23511db-6c3e-4e32-a477-6aa17d310630
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 18:16 nvd
MEDIUM 4.9

DescriptionCVE.org

An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

AnalysisAI

TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an authenticated high-privilege user restores a specially crafted configuration file with excessively long parameters. The malicious configuration causes the device to become unresponsive and requires a manual reboot to restore functionality. No patch is currently available for this vulnerability.

Technical ContextAI

Classified as CWE-400 (Uncontrolled Resource Consumption). Affects Archer Be230 Firmware. An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2026-22223 HIGH
8.0 Feb 02

Arbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated ad

CVE-2026-22221 HIGH
8.0 Feb 02

Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to

CVE-2026-0631 HIGH
8.0 Feb 02

Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware

CVE-2026-0630 HIGH
8.0 Feb 02

Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmwar

CVE-2026-22222 HIGH
8.0 Feb 02

Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent ne

CVE-2026-22227 HIGH
7.2 Feb 02

TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration fu

CVE-2026-22225 HIGH
7.2 Feb 02

Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute

CVE-2026-22224 HIGH
7.2 Feb 02

TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface t

CVE-2026-22229 HIGH
7.2 Feb 02

Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitra

CVE-2026-22220 MEDIUM
4.5 Feb 03

TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request process

Share

CVE-2026-22228 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy