Security Advisory on Authenticated Command Injection Vulnerabilities on Archer BE230 (CVE-2026-0630, CVE-2026-0631, CVE-2026-22221-22227, CVE-2026-22229). Archer AXE75 (CVE-2026-0630 and CVE-2026-22225), and Deco BE25 (CVE-2026-22229)
13986 Vulnerabilities' Description:
Multiple Authenticated OS command injection vulnerabilities were identified across the following components:
- Web Modules: CVE-2026-0630 & CVE-2026-22222
- VPN Modules: CVE-2026-0631, CVE-2026-22221, CVE-2026-22223
- Cloud Communication Modules: CVE-2026-22224
- VPN Connection Service: CVE-2026-22225
- VPN Server Configuration Module: CVE-2026-22226
- Configuration Backup Restoration Function: CVE-2026-22227
- Import of Crafted Configuration File: CVE-2026-22229
Each CVE represents a distinct OS command injection issue in a separate code path, and is therefore tracked under an individual CVE ID.
The CVSS score are identical for the CVE-IDs: CVE-2026-0630, CVE-2026-0631 & CVE-2026-22221 to CVE-2026-22227
CVSS v4.0 Score: 8.5 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVE-2026-22229: Import of Crafted Configuration File
CVSS v4.0 Score: 8.6 / High
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Impacts:
Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.
Affected Products/Versions and Fixes:
|
Affected Product |
CVE-IDs |
Affected Version |
|
Archer BE230 v1.2 |
CVE-2026-0630, CVE-2026-0631, CVE-2026-22221-22227, CVE-2026-22229 |
< 1.2.4 Build 20251218 rel.70420 |
|
Archer AXE75 v1.0 |
CVE-2026-0630 CVE-2026-22225 |
< 1.5.3 Build 20260209 rel. 71108 |
|
Deco BE25 v1.0 |
CVE-2026-22229 |
<= 1.1.1 Build 20250822 |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Download and update to the latest firmware version to fix the vulnerabilities.
US: Download for Archer BE230 | TP-Link
Download for Archer AXE75 | TP-Link
Download for Deco BE25 | TP-Link
EN: Download for Archer BE230 | TP-Link
Download for Archer AXE75 | TP-Link
Download for Deco BE25 | TP-Link
SG: Download for Archer BE230 | TP-Link Singapore
Download for Deco BE25 | TP-Link Singapore
Acknowledgements:
We thank jro, caprinuxx, sunshinefactory and Charbel Farhat for reporting these vulnerabilities to us.
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.
¿Es útil este artículo?
Tus comentarios nos ayudan a mejorar esta web.