TP-Link Archer BE230 Command Injection Vulnerability Allowing Administrative Control
Vulnerability
A command injection vulnerability has been identified in the TP-Link Archer BE230 router, specifically in version 1.2 prior to 1.2.4 Build 20251218 rel.70420. Exploitation requires admin authentication and goes through the configuration backup restoration function. Successful exploitation may grant an attacker full administrative control over the device, severely compromising the integrity of its configuration, network security, and availability of services. This CVE is one of a series of distinct OS command injection vulnerabilities found in the same product, each tracked under its own CVE ID.
Impact
Exploitation of this vulnerability could lead to full administrative access on the device, allowing for unauthorized changes to the configuration, disruption of network services, and potential manipulation of connected devices or users.
Remediation
Users are advised to update to the latest firmware version. The updated firmware can be downloaded from the TP-Link website, specific to the region of purchase.
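To check an inventory against the fixed release named above, the following added example (not TP-Link's code and not part of the original advisory) compares reported firmware strings with 1.2.4 Build 20251218 rel.70420. It assumes every entry is an Archer BE230 in the affected line and that the device reports firmware in the same layout as the fixed release string; the host names and sample versions are constructed.

```python
import re
from typing import NamedTuple, Optional

# Fixed release named in this advisory.
FIXED = "1.2.4 Build 20251218 rel.70420"

# Assumed layout, taken from the fixed release string above:
# "<major>.<minor>.<patch> Build <YYYYMMDD> rel.<number>"
_FW_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})\s+rel\.(\d+)\s*$", re.IGNORECASE
)

class Firmware(NamedTuple):
    version: tuple  # (major, minor, patch)
    build: int      # build date as YYYYMMDD
    rel: int        # release counter

def parse_firmware(text: str) -> Optional[Firmware]:
    """Parse a firmware string; return None if it does not match the layout."""
    m = _FW_RE.match(text)
    if not m:
        return None
    major, minor, patch, build, rel = (int(g) for g in m.groups())
    return Firmware((major, minor, patch), build, rel)

def needs_update(reported: str) -> Optional[bool]:
    """True if older than the fixed release, False if not, None if unparseable."""
    fw = parse_firmware(reported)
    if fw is None:
        return None
    # Ordered comparison: version first, then build date, then release counter.
    return fw < parse_firmware(FIXED)

def audit(inventory: dict) -> dict:
    """Map each host to 'update', 'ok' or 'check manually'."""
    labels = {True: "update", False: "ok", None: "check manually"}
    return {host: labels[needs_update(fw)] for host, fw in inventory.items()}

# Constructed sample inventory (hypothetical hosts and firmware strings).
SAMPLE = {
    "branch-a": "1.2.3 Build 20250904 rel.41220",
    "branch-b": "1.2.4 Build 20251218 rel.70420",
    "branch-c": "1.2.4 Build 20251101 rel.10001",  # same version, earlier build
    "branch-d": "unknown",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Entries that do not parse are reported as "check manually" rather than treated as patched, so a device that returns an unexpected string is not silently skipped.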
