TP-Link has disclosed multiple critical authenticated command injection vulnerabilities affecting the Archer BE230 v1.2 Wi-Fi router, enabling attackers with administrative access to execute arbitrary commands and seize complete control of affected devices.
Security researchers jro, caprinuxx, and sunshinefactory discovered nine distinct vulnerabilities tracked under separate CVE identifiers.
The flaws impact various components of the router’s firmware, including web interfaces, VPN modules, cloud communication systems, and configuration management functions.
Each vulnerability sits in a distinct code path, which is why each is tracked under its own CVE identifier.
Technical Overview
The vulnerabilities stem from insufficient input validation in multiple firmware components.
Attackers exploiting these flaws can inject malicious operating system commands through authenticated interfaces, bypassing standard security controls.
Eight of the nine vulnerabilities require adjacent network access with high privileges, while one flaw (CVE-2026-22229) can be exploited remotely through importing specially crafted configuration files.
Successful exploitation grants attackers full administrative control over the router, compromising configuration integrity, network security perimeters, and service availability.
The vulnerabilities could enable persistent backdoor installation, traffic interception, network pivoting, and complete infrastructure compromise in enterprise and home network environments.

| CVE ID | Affected Component | CVSS v4.0 | Attack Vector | Privileges Required |
|---|---|---|---|---|
| CVE-2026-0630 | Web Modules | 8.5 | Adjacent Network | High |
| CVE-2026-22222 | Web Modules | 8.5 | Adjacent Network | High |
| CVE-2026-0631 | VPN Modules | 8.5 | Adjacent Network | High |
| CVE-2026-22221 | VPN Modules | 8.5 | Adjacent Network | High |
| CVE-2026-22223 | VPN Modules | 8.5 | Adjacent Network | High |
| CVE-2026-22224 | Cloud Communication | 8.5 | Adjacent Network | High |
| CVE-2026-22225 | VPN Connection Service | 8.5 | Adjacent Network | High |
| CVE-2026-22226 | VPN Server Configuration | 8.5 | Adjacent Network | High |
| CVE-2026-22227 | Configuration Backup | 8.5 | Adjacent Network | High |
| CVE-2026-22229 | Configuration File Import | 8.6 | Network | High |

All nine CVE identifiers affect Archer BE230 v1.2 firmware versions before 1.2.4 Build 20251218.
The vulnerabilities carry CVSS v4.0 severity scores between 8.5 and 8.6, classified as High severity.
CVE-2026-22229 presents the highest risk with a score of 8.6 due to its network-accessible attack vector, while the remaining eight CVEs score 8.5 with adjacent network access requirements.
The affected components include web administration modules (CVE-2026-0630, CVE-2026-22222), VPN infrastructure (CVE-2026-0631, CVE-2026-22221, CVE-2026-22223, CVE-2026-22225, CVE-2026-22226), cloud communication services (CVE-2026-22224), and configuration backup systems (CVE-2026-22227, CVE-2026-22229).
TP-Link released firmware version 1.2.4 Build 20251218 rel.70420 on February 2, 2026, addressing all nine vulnerabilities.
Users should immediately download and install the patched firmware from official TP-Link regional support portals.
The company emphasizes that unpatched devices remain vulnerable, and TP-Link assumes no responsibility for consequences resulting from failure to apply security updates.
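To find devices that still need the update, the Python below (an added example, not TP-Link's or the article's code) triages an inventory of firmware strings against the fixed release named above. The string layout is assumed from the single release string the article quotes, and all inventory entries except the first are constructed.

```python
import re

# Fixed release named in the article: 1.2.4 Build 20251218 (rel.70420).
FIXED = ((1, 2, 4), 20251218)

# Assumed layout, inferred from the one string the article quotes:
#   "<major>.<minor>.<patch> Build <YYYYMMDD> [rel.<n>]"
_FW_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})(?:\s+rel\.\d+)?\s*$",
    re.IGNORECASE,
)

def parse_firmware(text):
    """Return ((major, minor, patch), build_date) or raise ValueError."""
    m = _FW_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch), build

def needs_update(text):
    """True when the firmware predates the fixed release."""
    # Version is compared first, then build date, so an earlier build
    # of 1.2.4 still counts as unpatched.
    return parse_firmware(text) < FIXED

def triage(inventory):
    """Map each device to UPDATE, OK, or UNKNOWN (unparseable: check by hand)."""
    report = {}
    for device, fw in inventory.items():
        try:
            report[device] = "UPDATE" if needs_update(fw) else "OK"
        except ValueError:
            report[device] = "UNKNOWN"
    return report

# Constructed inventory; only the first string comes from the article.
SAMPLE = {
    "be230-lobby": "1.2.4 Build 20251218 rel.70420",
    "be230-lab": "1.2.3 Build 20250901 rel.11111",
    "be230-branch": "1.2.4 Build 20251101",
    "be230-spare": "unknown",
}

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as UNKNOWN returned a string the parser does not recognise and should be checked on the router's own status page rather than assumed patched.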
