CVE-2026-22228

An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware	Product
https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware	Product
https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware	Product
https://www.tp-link.com/us/support/faq/4941/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tp-link:archer_be230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_be230:1.20:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-03 18:16

Updated : 2026-02-13 19:25

NVD link : CVE-2026-22228

Mitre link : CVE-2026-22228

CVE.ORG link : CVE-2026-22228

JSON object : View

Products Affected

tp-link

archer_be230
archer_be230_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2026-22228", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-03T18:16:19.227", "references": [{"url": "https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware", "tags": ["Product"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware", "tags": ["Product"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware", "tags": ["Product"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/4941/", "tags": ["Vendor Advisory"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An authenticated user with high privileges may trigger a denial\u2011of\u2011service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation.\nThis issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420."}, {"lang": "es", "value": "Un usuario autenticado con privilegios elevados puede desencadenar una condici\u00f3n de denegaci\u00f3n de servicio en el TP-Link Archer BE230 v1.2 al restaurar un archivo de configuraci\u00f3n manipulado que contiene un par\u00e1metro excesivamente largo. La restauraci\u00f3n de dicho archivo puede hacer que el dispositivo deje de responder, lo que requiere un reinicio para restaurar el funcionamiento normal.\nEste problema afecta a Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420."}], "lastModified": "2026-02-13T19:25:43.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_be230_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5BA03F6-BE09-4124-9B70-32BE881EDB09", "versionEndExcluding": "1.2.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_be230:1.20:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2619D728-00BA-47E8-AC08-F682A7E82578"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}