TP-Link Archer BE230 Command Injection Vulnerability in VPN Connection Service

A command injection vulnerability has been identified in the TP-Link Archer BE230 router, specifically in version 1.2 prior to 1.2.4 Build 20251218 rel.70420. This vulnerability can be exploited after the admin's authentication in the VPN Connection Service. Successful exploitation may allow an attacker to gain full administrative control of the device, severely compromising configuration integrity, network security, and service availability.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access on the device, allowing for complete control over the router's settings and functions. This access could be used to manipulate network configurations, compromise connected devices, and disrupt services, causing significant harm to the user's network environment.

Remediation

Users are advised to update to the latest firmware version available on the TP-Link official website. The latest version can be downloaded from the TP-Link Download Center for the Archer BE230.