TP-Link Archer BE230 OS Command Injection Vulnerability in VPN Modules
Vulnerability
A command injection vulnerability allowing adjacent authenticated attackers to execute arbitrary code has been identified in the TP-Link Archer BE230 router, version 1.2 prior to 1.2.4 Build 20251218 rel.70420. This vulnerability, part of a series of command injection issues across different code paths, affects the VPN modules of the router. Successful exploitation could grant an attacker full administrative control over the device, severely compromising its configuration, network security, and service availability.
Impact
Exploitation of this vulnerability could lead to full administrative access on the affected device, allowing for unauthorized changes to the device's configuration and potentially disrupting network services.
Remediation
Users are advised to update to the latest firmware version. The updated firmware can be downloaded from the TP-Link official website, selecting the appropriate regional site. For users in the US, the firmware is available on the TP-Link US support page for the Archer BE230.
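To check recorded Archer BE230 firmware strings against the fixed build named above, the following added example (not TP-Link's code and not part of the original advisory) parses strings in the `1.2.4 Build 20251218 rel.70420` form. It assumes builds order by version number and then build date, and the device names and older builds in the sample inventory are constructed.

```python
import re

# Fixed build named in the advisory.
FIXED_BUILD = "1.2.4 Build 20251218 rel.70420"

# Matches strings shaped like the advisory's build identifier.
_FW_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})\s+rel\.(\d+)", re.IGNORECASE
)


def parse_firmware(text):
    """Return (major, minor, patch, build_date), or None if the string does not parse."""
    m = _FW_RE.search(text or "")
    if not m:
        return None
    major, minor, patch, build_date, _rel = (int(g) for g in m.groups())
    # Assumption: ordering is by version, then build date; the rel number
    # is not used for ordering.
    return (major, minor, patch, build_date)


def firmware_status(text):
    """Classify one firmware string as 'update', 'ok' or 'unknown'."""
    key = parse_firmware(text)
    if key is None:
        return "unknown"  # never report an unreadable version as patched
    return "update" if key < parse_firmware(FIXED_BUILD) else "ok"


def triage(inventory):
    """Map each device name to its status."""
    return {name: firmware_status(fw) for name, fw in inventory.items()}


# Constructed sample inventory (hypothetical device names and builds).
SAMPLE = {
    "lobby-ap": "1.2.3 Build 20250901 rel.11111",
    "office-ap": "1.2.4 Build 20251101 rel.60000",
    "lab-ap": FIXED_BUILD,
    "annex-ap": "firmware field empty",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```

Devices reported as `unknown` need a manual check of the firmware page in the router's admin interface.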
