CVE-2026-0630
BaseFortify
Publication date: 2026-02-02
Last updated on: 2026-03-19
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_be230_firmware | to 1.2.4 (exc) |
| tp-link | archer_be230 | 1.20 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection flaw in the TP-Link Archer BE230 v1.2 web modules. It allows an adjacent authenticated attacker to execute arbitrary code on the device. Exploiting this vulnerability could give the attacker full administrative control over the device.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can lead to severe compromise of the device's configuration integrity, network security, and service availability. The attacker could gain full administrative control, potentially disrupting network operations and exposing sensitive configurations.