Command Injection Vulnerability on TP-Link Archer BE230 and AX73
Summary
| CVE | CVE-2026-22226 |
|---|---|
| State | PUBLISHED |
| Assigner | TPLink |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-02-02 18:16:15 UTC |
| Updated | 2026-06-04 19:16:27 UTC |
| Description | A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AX73 v2 < 1.3.1 Build 20260430. |
Risk And Classification
Primary CVSS: v4.0 8.5 HIGH from f23511db-6c3e-4e32-a477-6aa17d310630
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-78 | CWE-78 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | f23511db-6c3e-4e32-a477-6aa17d310630 | Secondary | 8.5 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/C... |
| 4.0 | CNA | CVSS | 8.5 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L |
| 3.1 | [email protected] | Primary | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
Attack Vector
AdjacentAttack Complexity
LowAttack Requirements
NonePrivileges Required
HighUser Interaction
NoneConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
LowSub Integrity
LowSub Availability
LowCVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
HighUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Tp-link | Archer Be230 | 1.20 | All | All | All |
| Operating System | Tp-link | Archer Be230 Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | TP-Link Systems Inc. | Archer BE230 V1.2 | affected 1.2.4 Build 20251218 rel.70420 custom | Not specified |
| CNA | TP Link Systems Inc. | Archer AX73 V2 | affected 1.3.1 Build 20260430 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.tp-link.com/us/support/download/archer-be230/v1.20 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/en/support/download/archer-be230/v1.20 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/us/support/faq/4935 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Patch, Vendor Advisory |
| www.tp-link.com/en/support/download/archer-ax73/v2 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | |
| www.tp-link.com/us/support/download/archer-ax73/v2 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | |
| www.tp-link.com/sg/support/download/archer-be230/v1.20 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: jro (en)
There are currently no legacy QID mappings associated with this CVE.