Search criteria
24 vulnerabilities found for archer_be230_firmware by tp-link
CVE-2026-22228 (GCVE-0-2026-22228)
Vulnerability from nvd – Published: 2026-02-03 17:20 – Updated: 2026-02-04 18:28
VLAI?
Title
Improper Input Validation Leading to DoS on TP-Link Archer BE230
Summary
An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
0xakm
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T18:27:53.729113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T18:28:42.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "0xakm"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated user with high privileges may trigger a denial\u2011of\u2011service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An authenticated user with high privileges may trigger a denial\u2011of\u2011service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T17:20:34.537Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4941/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation Leading to DoS on TP-Link Archer BE230",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22228",
"datePublished": "2026-02-03T17:20:34.537Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-04T18:28:42.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22220 (GCVE-0-2026-22220)
Vulnerability from nvd – Published: 2026-02-03 17:15 – Updated: 2026-02-04 18:32
VLAI?
Title
Improper Input Validation Leading to DoS on TP-Link Archer BE230
Summary
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
zeix
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T18:31:02.300086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T18:32:13.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zeix"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device\u2019s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device\u2019s web interface to temporarily stop responding until it recovers or is rebooted.\u003cbr\u003e\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device\u2019s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device\u2019s web interface to temporarily stop responding until it recovers or is rebooted.\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T17:15:59.836Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4941/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation Leading to DoS on TP-Link Archer BE230",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22220",
"datePublished": "2026-02-03T17:15:59.836Z",
"dateReserved": "2026-01-06T18:18:52.126Z",
"dateUpdated": "2026-02-04T18:32:13.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22229 (GCVE-0-2026-22229)
Vulnerability from nvd – Published: 2026-02-02 17:58 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:59.578719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:31.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. \u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. \nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:58:32.205Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22229",
"datePublished": "2026-02-02T17:58:32.205Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:31.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22227 (GCVE-0-2026-22227)
Vulnerability from nvd – Published: 2026-02-02 17:56 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:58.898384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:31.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:56:25.111Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22227",
"datePublished": "2026-02-02T17:56:25.111Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:31.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22226 (GCVE-0-2026-22226)
Vulnerability from nvd – Published: 2026-02-02 17:55 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:58.218355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:31.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:55:30.434Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22226",
"datePublished": "2026-02-02T17:55:30.434Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:31.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22225 (GCVE-0-2026-22225)
Vulnerability from nvd – Published: 2026-02-02 17:53 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:57.509427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:53:42.203Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22225",
"datePublished": "2026-02-02T17:53:42.203Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:32.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22224 (GCVE-0-2026-22224)
Vulnerability from nvd – Published: 2026-02-02 17:52 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:56.722916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:52:04.728Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22224",
"datePublished": "2026-02-02T17:52:04.728Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:32.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22223 (GCVE-0-2026-22223)
Vulnerability from nvd – Published: 2026-02-02 17:49 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent
authenticated
attacker
execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link System Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:55.996119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link System Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\nauthenticated \n\nattacker \n\nexecute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:49:58.951Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22223",
"datePublished": "2026-02-02T17:49:58.951Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:32.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22222 (GCVE-0-2026-22222)
Vulnerability from nvd – Published: 2026-02-02 17:49 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
sunshinefactory
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:55.298260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "sunshinefactory"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\nauthenticated \n\nattacker to\u00a0execute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:49:22.166Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22222",
"datePublished": "2026-02-02T17:49:22.166Z",
"dateReserved": "2026-01-06T18:18:52.126Z",
"dateUpdated": "2026-02-26T15:04:32.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22221 (GCVE-0-2026-22221)
Vulnerability from nvd – Published: 2026-02-02 17:43 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent
authenticated
attacker
execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro and caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:54.534139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:33.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"vpn"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro and caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\nauthenticated \n\nattacker \n\nexecute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:43:24.983Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22221",
"datePublished": "2026-02-02T17:43:24.983Z",
"dateReserved": "2026-01-06T18:18:52.126Z",
"dateUpdated": "2026-02-26T15:04:33.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0631 (GCVE-0-2026-0631)
Vulnerability from nvd – Published: 2026-02-02 17:48 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:56:01.282700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:33.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"vpn"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent \n\nauthenticated \n\nattacker to\u00a0execute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:48:21.791Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-0631",
"datePublished": "2026-02-02T17:48:21.791Z",
"dateReserved": "2026-01-06T00:08:04.749Z",
"dateUpdated": "2026-02-26T15:04:33.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0630 (GCVE-0-2026-0630)
Vulnerability from nvd – Published: 2026-02-02 17:48 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro and caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:56:00.502308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:33.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro and caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker to execute\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\nauthenticated \n\nattacker to execute\u00a0arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:48:05.697Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-0630",
"datePublished": "2026-02-02T17:48:05.697Z",
"dateReserved": "2026-01-06T00:07:44.620Z",
"dateUpdated": "2026-02-26T15:04:33.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22228 (GCVE-0-2026-22228)
Vulnerability from cvelistv5 – Published: 2026-02-03 17:20 – Updated: 2026-02-04 18:28
VLAI?
Title
Improper Input Validation Leading to DoS on TP-Link Archer BE230
Summary
An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
0xakm
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T18:27:53.729113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T18:28:42.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "0xakm"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated user with high privileges may trigger a denial\u2011of\u2011service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An authenticated user with high privileges may trigger a denial\u2011of\u2011service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T17:20:34.537Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4941/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation Leading to DoS on TP-Link Archer BE230",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22228",
"datePublished": "2026-02-03T17:20:34.537Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-04T18:28:42.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22220 (GCVE-0-2026-22220)
Vulnerability from cvelistv5 – Published: 2026-02-03 17:15 – Updated: 2026-02-04 18:32
VLAI?
Title
Improper Input Validation Leading to DoS on TP-Link Archer BE230
Summary
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
zeix
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T18:31:02.300086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T18:32:13.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zeix"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device\u2019s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device\u2019s web interface to temporarily stop responding until it recovers or is rebooted.\u003cbr\u003e\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device\u2019s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device\u2019s web interface to temporarily stop responding until it recovers or is rebooted.\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T17:15:59.836Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4941/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation Leading to DoS on TP-Link Archer BE230",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22220",
"datePublished": "2026-02-03T17:15:59.836Z",
"dateReserved": "2026-01-06T18:18:52.126Z",
"dateUpdated": "2026-02-04T18:32:13.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22229 (GCVE-0-2026-22229)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:58 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:59.578719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:31.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. \u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. \nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:58:32.205Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22229",
"datePublished": "2026-02-02T17:58:32.205Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:31.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22227 (GCVE-0-2026-22227)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:56 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:58.898384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:31.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:56:25.111Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22227",
"datePublished": "2026-02-02T17:56:25.111Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:31.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22226 (GCVE-0-2026-22226)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:55 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:58.218355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:31.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:55:30.434Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22226",
"datePublished": "2026-02-02T17:55:30.434Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:31.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22225 (GCVE-0-2026-22225)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:53 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:57.509427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:53:42.203Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22225",
"datePublished": "2026-02-02T17:53:42.203Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:32.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22224 (GCVE-0-2026-22224)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:52 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:56.722916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\u003cbr\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\n\n\nThis issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:52:04.728Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22224",
"datePublished": "2026-02-02T17:52:04.728Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:32.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22223 (GCVE-0-2026-22223)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:49 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent
authenticated
attacker
execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link System Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:55.996119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link System Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\nauthenticated \n\nattacker \n\nexecute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:49:58.951Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22223",
"datePublished": "2026-02-02T17:49:58.951Z",
"dateReserved": "2026-01-06T18:18:52.127Z",
"dateUpdated": "2026-02-26T15:04:32.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22222 (GCVE-0-2026-22222)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:49 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
sunshinefactory
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:55.298260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:32.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "sunshinefactory"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\nauthenticated \n\nattacker to\u00a0execute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:49:22.166Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22222",
"datePublished": "2026-02-02T17:49:22.166Z",
"dateReserved": "2026-01-06T18:18:52.126Z",
"dateUpdated": "2026-02-26T15:04:32.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0631 (GCVE-0-2026-0631)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:48 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:56:01.282700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:33.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"vpn"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent \n\nauthenticated \n\nattacker to\u00a0execute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:48:21.791Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-0631",
"datePublished": "2026-02-02T17:48:21.791Z",
"dateReserved": "2026-01-06T00:08:04.749Z",
"dateUpdated": "2026-02-26T15:04:33.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0630 (GCVE-0-2026-0630)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:48 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent
authenticated
attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro and caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:56:00.502308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:33.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro and caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker to execute\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent \n\nauthenticated \n\nattacker to execute\u00a0arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:48:05.697Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-0630",
"datePublished": "2026-02-02T17:48:05.697Z",
"dateReserved": "2026-01-06T00:07:44.620Z",
"dateUpdated": "2026-02-26T15:04:33.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22221 (GCVE-0-2026-22221)
Vulnerability from cvelistv5 – Published: 2026-02-02 17:43 – Updated: 2026-02-26 15:04
VLAI?
Title
Command Injection Vulnerability on TP-Link Archer BE230 v1.2
Summary
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent
authenticated
attacker
execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer BE230 v1.2 |
Affected:
0 , < 1.2.4 Build 20251218 rel.70420
(custom)
|
Credits
jro and caprinuxx
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:54.534139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:33.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"vpn"
],
"product": "Archer BE230 v1.2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.4 Build 20251218 rel.70420",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jro and caprinuxx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated \u003c/span\u003e\n\nattacker \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute arbitrary code\u003c/span\u003e.\u0026nbsp;Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.\u003cp\u003eThis issue affects Archer BE230 v1.2 \u0026lt; 1.2.4 Build 20251218 rel.70420.\u003c/p\u003e"
}
],
"value": "An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent \n\nauthenticated \n\nattacker \n\nexecute arbitrary code.\u00a0Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.\n\nThis CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 \u003c 1.2.4 Build 20251218 rel.70420."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:43:24.983Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4935/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability on TP-Link Archer BE230 v1.2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-22221",
"datePublished": "2026-02-02T17:43:24.983Z",
"dateReserved": "2026-01-06T18:18:52.126Z",
"dateUpdated": "2026-02-26T15:04:33.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}