Skip to main content

Archer Be230 Firmware CVE-2026-22229

HIGH
OS Command Injection (CWE-78)
2026-02-02 f23511db-6c3e-4e32-a477-6aa17d310630
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:01 vuln.today
Patch released
Mar 02, 2026 - 18:16 nvd
Patch available
CVE Published
Feb 02, 2026 - 18:16 nvd
HIGH 7.2

DescriptionCVE.org

A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Deco BE25 v1.0: through 1.1.1 Build 20250822.

AnalysisAI

Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitrary OS commands by importing a malicious VPN configuration file. An attacker with admin access can achieve full device compromise, affecting network configuration, security posture, and service availability. Affected versions require patching to build 20251218 rel.70420 (BE230) or 20250822 (BE25).

Technical ContextAI

Classified as CWE-78 (OS Command Injection). Affects Archer Be230 Firmware. A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code pa

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

CVE-2026-22223 HIGH
8.0 Feb 02

Arbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated ad

CVE-2026-22221 HIGH
8.0 Feb 02

Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to

CVE-2026-0631 HIGH
8.0 Feb 02

Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware

CVE-2026-0630 HIGH
8.0 Feb 02

Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmwar

CVE-2026-22222 HIGH
8.0 Feb 02

Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent ne

CVE-2026-22227 HIGH
7.2 Feb 02

TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration fu

CVE-2026-22225 HIGH
7.2 Feb 02

Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute

CVE-2026-22224 HIGH
7.2 Feb 02

TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface t

CVE-2026-22228 MEDIUM
4.9 Feb 03

TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an auth

CVE-2026-22220 MEDIUM
4.5 Feb 03

TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request process

Share

CVE-2026-22229 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy