TP-Link Archer BE230 OS Command Injection Vulnerability in VPN Modules
Vulnerability
A command injection vulnerability allowing adjacent authenticated attackers to execute arbitrary code has been identified in the TP-Link Archer BE230 router, version 1.2 prior to 1.2.4 Build 20251218 rel.70420. This vulnerability, part of a series of similar issues across different code paths, affects the VPN modules of the device. Successful exploitation could grant an attacker full administrative control, severely compromising the device's configuration, network security, and service availability.
Impact
Exploitation of this vulnerability could lead to full administrative access on the affected device, allowing for unauthorized changes to the device's configuration and potentially disrupting network services.
Remediation
Users are advised to update to the latest firmware version. The updated firmware can be downloaded from the TP-Link website; be sure to select the correct regional site for the device.
