Archer Be230 Firmware
Monthly
TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an authenticated high-privilege user restores a specially crafted configuration file with excessively long parameters. The malicious configuration causes the device to become unresponsive and requires a manual reboot to restore functionality. No patch is currently available for this vulnerability.
TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request processing, allowing a network-adjacent attacker with high privileges to crash the web service. An attacker exploiting this vulnerability can render the device's web interface temporarily unavailable until manual recovery or reboot occurs. No patch is currently available.
Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitrary OS commands by importing a malicious VPN configuration file. An attacker with admin access can achieve full device compromise, affecting network configuration, security posture, and service availability. Affected versions require patching to build 20251218 rel.70420 (BE230) or 20250822 (BE25).
TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration function that allows authenticated administrators to execute arbitrary OS commands with full device privileges. An attacker with admin credentials can exploit this to completely compromise the router, affecting network configuration, security posture, and service availability. The vulnerability affects versions before 1.2.4 Build 20251218 rel.70420 and patches are available.
Command injection in TP-Link Archer BE230 v1.2 firmware's VPN server configuration module allows authenticated administrators to execute arbitrary OS commands and achieve full device compromise. An attacker with admin credentials can exploit this vulnerability to completely override device settings, disrupt network operations, and gain unrestricted control over the router. A patch is available for versions prior to 1.2.4 Build 20251218 rel.70420.
Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute arbitrary OS commands and achieve full device compromise. An attacker with admin credentials can exploit this vulnerability to manipulate device configuration, disrupt network security, and disable services. A patch is available in firmware version 1.2.4 Build 20251218 rel.70420 and later.
TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface that allows authenticated administrators to execute arbitrary commands with full device privileges. An attacker who compromises an admin account can gain complete control over the router, compromising its configuration, network security, and availability. A patch is available for versions prior to 1.2.4 Build 20251218 rel.70420.
Arbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated adjacent attackers to inject OS commands and gain full administrative control of the device. Successful exploitation compromises device configuration, network security, and service availability. A patch is available.
Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent network attackers to achieve full device compromise through OS command injection in multiple code paths. Successful exploitation grants administrative control, enabling attackers to modify device configuration, compromise network security, and disrupt service availability. A patch is available for affected versions.
Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, gaining full administrative control and compromising device configuration and network security. This command injection vulnerability exists across multiple distinct code paths within the VPN module functionality. A firmware patch is available to remediate this issue.
Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware versions before 1.2.4 Build 20251218, achieving full device compromise including administrative control. This command injection vulnerability in the VPN modules allows attackers to manipulate device configuration, disrupt network security, and disable services with high severity impact. A patch is available for affected users.
Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, achieving full administrative control. This command injection vulnerability compromises device configuration, network security, and service availability. A patch is available.
TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an authenticated high-privilege user restores a specially crafted configuration file with excessively long parameters. The malicious configuration causes the device to become unresponsive and requires a manual reboot to restore functionality. No patch is currently available for this vulnerability.
TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request processing, allowing a network-adjacent attacker with high privileges to crash the web service. An attacker exploiting this vulnerability can render the device's web interface temporarily unavailable until manual recovery or reboot occurs. No patch is currently available.
Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitrary OS commands by importing a malicious VPN configuration file. An attacker with admin access can achieve full device compromise, affecting network configuration, security posture, and service availability. Affected versions require patching to build 20251218 rel.70420 (BE230) or 20250822 (BE25).
TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration function that allows authenticated administrators to execute arbitrary OS commands with full device privileges. An attacker with admin credentials can exploit this to completely compromise the router, affecting network configuration, security posture, and service availability. The vulnerability affects versions before 1.2.4 Build 20251218 rel.70420 and patches are available.
Command injection in TP-Link Archer BE230 v1.2 firmware's VPN server configuration module allows authenticated administrators to execute arbitrary OS commands and achieve full device compromise. An attacker with admin credentials can exploit this vulnerability to completely override device settings, disrupt network operations, and gain unrestricted control over the router. A patch is available for versions prior to 1.2.4 Build 20251218 rel.70420.
Command injection in Archer BE230 v1.2 firmware's VPN Connection Service allows authenticated administrators to execute arbitrary OS commands and achieve full device compromise. An attacker with admin credentials can exploit this vulnerability to manipulate device configuration, disrupt network security, and disable services. A patch is available in firmware version 1.2.4 Build 20251218 rel.70420 and later.
TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface that allows authenticated administrators to execute arbitrary commands with full device privileges. An attacker who compromises an admin account can gain complete control over the router, compromising its configuration, network security, and availability. A patch is available for versions prior to 1.2.4 Build 20251218 rel.70420.
Arbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated adjacent attackers to inject OS commands and gain full administrative control of the device. Successful exploitation compromises device configuration, network security, and service availability. A patch is available.
Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent network attackers to achieve full device compromise through OS command injection in multiple code paths. Successful exploitation grants administrative control, enabling attackers to modify device configuration, compromise network security, and disrupt service availability. A patch is available for affected versions.
Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, gaining full administrative control and compromising device configuration and network security. This command injection vulnerability exists across multiple distinct code paths within the VPN module functionality. A firmware patch is available to remediate this issue.
Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware versions before 1.2.4 Build 20251218, achieving full device compromise including administrative control. This command injection vulnerability in the VPN modules allows attackers to manipulate device configuration, disrupt network security, and disable services with high severity impact. A patch is available for affected users.
Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, achieving full administrative control. This command injection vulnerability compromises device configuration, network security, and service availability. A patch is available.