Archer Be230 Firmware
CVE-2026-22229
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Deco BE25 v1.0: through 1.1.1 Build 20250822.
AnalysisAI
Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitrary OS commands by importing a malicious VPN configuration file. An attacker with admin access can achieve full device compromise, affecting network configuration, security posture, and service availability. Affected versions require patching to build 20251218 rel.70420 (BE230) or 20250822 (BE25).
Technical ContextAI
Classified as CWE-78 (OS Command Injection). Affects Archer Be230 Firmware. A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code pa
RemediationAI
A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.
More in Archer Be230 Firmware
View allArbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated ad
Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to
Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware
Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmwar
Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent ne
TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration fu
Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute
TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface t
TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an auth
TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request process
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today