A command injection vulnerability in the VPN Connection Service on the Archer BE230 v1.2 may be exploited after admin authentication. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.
A post-authentication command injection vulnerability exists in TP-Link Archer BE230 v1.2 VPN Connection Service that allows attackers to execute arbitrary OS commands with administrative privileges. Successful exploitation results in complete device compromise including configuration integrity loss and network security breach.
An OS command injection vulnerability in the VPN Connection service on the TP-Link Archer BE230 version 1.2 allows authenticated attackers to execute arbitrary commands with full administrative privileges. Successful exploitation can lead to full control of the device, loss of configuration integrity, and disruption of network services.
Update TP-Link Archer BE230 to firmware version 1.2.4 Build 20251218 rel.70420 or later immediately. Restrict administrative access to trusted networks only. Monitor VPN service logs for suspicious command patterns. Implement network segmentation to isolate affected devices.
Update the TP-Link Archer BE230 to firmware version 1.2.4 Build 20251218 rel.70420 or later immediately. Restrict administrative access to trusted networks only. Monitor VPN service logs for suspicious patterns. Apply network segmentation to isolate affected devices.
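A fleet-inventory check against the fixed release named in this advisory, as an added example that is not TP-Link's code. The hostnames, inventory rows and every firmware string other than the fixed release are constructed, and it assumes devices report firmware in the same `X.Y.Z Build YYYYMMDD rel.N` form the advisory uses.

```python
import re

# Fixed release and affected product, taken from the advisory text.
FIXED = "1.2.4 Build 20251218 rel.70420"
MODEL, HW_REV = "Archer BE230", "v1.2"

_FW_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)*)\s+Build\s+(\d{8})\s+rel\.(\d+)\s*$", re.IGNORECASE
)

def parse_firmware(text):
    """Return ((major, minor, patch, ...), build_date, rel) as a sortable key."""
    m = _FW_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    version = tuple(int(p) for p in m.group(1).split("."))
    version += (0,) * (4 - len(version))  # pad so 1.2 compares like 1.2.0.0
    return version, int(m.group(2)), int(m.group(3))

def triage(inventory):
    """Map each host to affected / fixed / out-of-scope / review."""
    fixed_key = parse_firmware(FIXED)
    result = {}
    for host, model, hw_rev, firmware in inventory:
        if (model, hw_rev) != (MODEL, HW_REV):
            result[host] = "out-of-scope"
            continue
        try:
            key = parse_firmware(firmware)
        except ValueError:
            result[host] = "review"  # unparsable: check the device by hand
            continue
        result[host] = "affected" if key < fixed_key else "fixed"
    return result

# Constructed inventory rows (host, model, hardware revision, firmware).
SAMPLE = [
    ("gw-branch-01", "Archer BE230", "v1.2", "1.2.3 Build 20250901 rel.11111"),
    ("gw-branch-02", "Archer BE230", "v1.2", "1.2.4 Build 20251218 rel.70420"),
    ("gw-branch-03", "Archer BE230", "v1.2", "1.2.4 Build 20251101 rel.60000"),
    ("gw-branch-04", "Archer BE230", "v1.2", "unknown"),
    ("gw-lab-01", "EXAMPLE-ROUTER", "v1.0", "9.9.9 Build 20240101 rel.1"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts marked `affected` or `review` are the ones to upgrade first and to keep off untrusted management networks until they are patched.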