TP-Link Archer BE230 OS Command Injection Vulnerability

A command injection vulnerability has been identified in the TP-Link Archer BE230 router, specifically in version 1.2 prior to 1.2.4 Build 20251218 rel.70420. This vulnerability allows an adjacent authenticated attacker to execute arbitrary commands on the device. Successful exploitation could lead to full administrative control, severely compromising the device's configuration, network security, and service availability.

Impact

Exploitation of this vulnerability could result in unauthorized command execution, allowing attackers to gain full administrative access to the device and disrupt its normal functioning or manipulate its settings.

Remediation

Users are advised to update the router's firmware to the latest version. The updated firmware can be downloaded from the TP-Link official website, selecting the appropriate regional site. For US users, the firmware is available on the TP-Link US support page for the Archer BE230.