Tp-link Archer Be230 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Tp-link Archer Be230 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2026-22223 — CVSS 8.0 (high): An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary…
CVE-2026-0631 — CVSS 8.0 (high): An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute…
CVE-2026-0630 — CVSS 8.0 (high): An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.0 allows adjacent authenticated…
CVE-2026-22221 — CVSS 8.0 (high): An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary…
CVE-2026-22222 — CVSS 8.0 (high): An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary…
CVE-2026-22229 — CVSS 7.2 (high): A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration…
CVE-2026-22224 — CVSS 7.2 (high): A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link…
CVE-2026-22225 — CVSS 7.2 (high): A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2…
CVE-2026-22226 — CVSS 7.2 (high): A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link…
CVE-2026-22227 — CVSS 7.2 (high): A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of…
CVE-2026-22228 — CVSS 4.9 (medium): An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a…
CVE-2026-22220 — CVSS 4.5 (medium): A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to…