Charbel Farhat

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer BE230 versions prior to 1.2.4 Build 20251218 rel.70420 **Description** An OS Command Injection issue exists in TP-Link Archer BE230 web modules. A nearby authenticated attacker can execute arbitrary code. Successful exploitation could grant an attacker full administrative control of the device, compromising configuration integrity, network security, and service availability. This is one of several distinct OS command injection issues identified in separate code paths. **Recommendations** Update to version 1.2.4 Build 20251218 rel.70420 or later.

**Name of the Vulnerable Software and Affected Versions** Archer BE230 versions prior to 1.2.4 Build 20251218 rel.70420 **Description** A command injection may occur following administrative authentication within the VPN Connection Service. Exploitation could grant an attacker complete administrative control over the device, potentially compromising configuration integrity, network security, and service availability. This issue is one of several distinct command injection flaws identified in separate code paths. **Recommendations** Update to version 1.2.4 Build 20251218 rel.70420 or later.