Primary

Context

TP-Link Archer BE230 OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the TP-Link Archer BE230 router, specifically in version 1.2 prior to 1.2.4 Build 20251218 rel.70420. This vulnerability allows an adjacent authenticated attacker to execute arbitrary commands on the device. Successful exploitation could lead to full administrative control, severely compromising the device's configuration, network security, and service availability.

Impact

Exploitation of this vulnerability could result in unauthorized command execution, allowing an attacker to gain full administrative access to the device.

Remediation

Users are advised to update to the latest firmware version. The updated firmware can be downloaded from the TP-Link website, with specific links available for the US, Singapore, and general English versions.

Added: Feb 2, 2026, 6:29 PM

Updated: Feb 2, 2026, 6:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.1

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.1

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Archer BE230 OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating