Security Advisory on Authenticated Command Injection Vulnerabilities on Archer BE230 (CVE-2026-0630, CVE-2026-0631, CVE-2026-22221-22227, CVE-2026-22229), Archer AXE75 (CVE-2026-0630 and CVE-2026-22225), Archer AX73 (CVE-2026-22226), and Deco BE25 (CVE-2026-22229)

Security Advisory
Last updated: June 4, 2026

Vulnerabilities' Description:

Multiple authenticated OS command injection vulnerabilities were identified across the following components:

  • Web Modules: CVE-2026-0630 & CVE-2026-22222
  • VPN Modules: CVE-2026-0631, CVE-2026-22221, CVE-2026-22223
  • Cloud Communication Modules: CVE-2026-22224
  • VPN Connection Service: CVE-2026-22225
  • VPN Server Configuration Module: CVE-2026-22226
  • Configuration Backup Restoration Function: CVE-2026-22227
  • Import of Crafted Configuration File: CVE-2026-22229

Each CVE represents a distinct OS command injection issue in a separate code path, and is therefore tracked under an individual CVE ID.

The CVSS score is identical for the following CVE IDs: CVE-2026-0630, CVE-2026-0631, and CVE-2026-22221 to CVE-2026-22227.

CVSS v4.0 Score: 8.5 / High

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CVE-2026-22229: Import of Crafted Configuration File

CVSS v4.0 Score: 8.6 / High

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Impacts:

Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.

Affected Products/Versions and Fixes:

| Affected Product | CVE-IDs | Affected Version |
|---|---|---|
| Archer BE230 v1.2 | CVE-2026-0630, CVE-2026-0631, CVE-2026-22221-22227, CVE-2026-22229 | < 1.2.4 Build 20251218 rel.70420 |
| Archer AXE75 v1.0 | CVE-2026-0630, CVE-2026-22225 | < 1.5.3 Build 20260209 rel. 71108 |
| Archer AX73 v2 | CVE-2026-22226 | < 1.3.1 Build 20260430 |
| Deco BE25 v1.0 | CVE-2026-22229 | <= 1.1.1 Build 20250822 |
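
A fleet check against the affected-version table above, as an added example (not TP-Link's code). It assumes firmware strings have the form `X.Y.Z Build YYYYMMDD` and that ordering by version number, then build date, matches the advisory's `<` and `<=` bounds; the inventory rows are constructed sample data.

```python
import re

# Bounds copied from the advisory table: (model, hardware version) -> (operator, boundary).
AFFECTED = {
    ("Archer BE230", "v1.2"): ("<", "1.2.4 Build 20251218 rel.70420"),
    ("Archer AXE75", "v1.0"): ("<", "1.5.3 Build 20260209 rel. 71108"),
    ("Archer AX73", "v2"): ("<", "1.3.1 Build 20260430"),
    ("Deco BE25", "v1.0"): ("<=", "1.1.1 Build 20250822"),
}

# Assumed firmware string layout; the trailing "rel.NNNNN" part is ignored.
FW_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})", re.IGNORECASE)


def fw_key(firmware):
    """Return (major, minor, patch, build_date), or None if the string does not parse."""
    m = FW_RE.search(firmware)
    return tuple(int(g) for g in m.groups()) if m else None


def status(model, hw, firmware):
    """Classify one device as 'affected', 'fixed', 'not-listed' or 'unknown'."""
    rule = AFFECTED.get((model, hw))
    if rule is None:
        return "not-listed"  # model/hardware revision is not in the advisory table
    op, boundary = rule
    have, limit = fw_key(firmware), fw_key(boundary)
    if have is None:
        return "unknown"  # unparseable version: flag for manual review, never assume fixed
    affected = have < limit or (op == "<=" and have == limit)
    return "affected" if affected else "fixed"


# Constructed inventory rows (model, hardware version, reported firmware string).
INVENTORY = [
    ("Archer BE230", "v1.2", "1.2.3 Build 20250910 rel.12345"),
    ("Archer BE230", "v1.2", "1.2.4 Build 20251218 rel.70420"),
    ("Deco BE25", "v1.0", "1.1.1 Build 20250822"),
    ("Archer AX73", "v2", "n/a"),
]


def audit(inventory):
    """Return each inventory row with its classification appended."""
    return [(m, hw, fw, status(m, hw, fw)) for m, hw, fw in inventory]


if __name__ == "__main__":
    for model, hw, fw, result in audit(INVENTORY):
        print(f"{model} {hw:5} {fw:32} {result}")
```
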

Recommendations:

We strongly recommend that users with affected devices take the following actions:

  1. Download and update to the latest firmware version to fix the vulnerabilities.

     • US:
         • Download for Archer BE230 | TP-Link
         • Download for Archer AXE75 | TP-Link
         • Download for Deco BE25 | TP-Link
         • Download for Archer AX73 | TP-Link
     • EN:
         • Download for Archer BE230 | TP-Link
         • Download for Archer AXE75 | TP-Link
         • Download for Deco BE25 | TP-Link
         • Download for Archer AX73 | TP-Link
     • SG:
         • Download for Archer BE230 | TP-Link Singapore
         • Download for Deco BE25 | TP-Link Singapore

Acknowledgements:

We thank jro, caprinuxx, sunshinefactory and Charbel Farhat for reporting these vulnerabilities to us.

Disclaimer:

This advisory is provided for informational purposes only and is subject to change without notice. The information is provided “as is” without warranties of any kind. TP-Link recommends that customers apply available firmware updates or implement documented workarounds as provided in this advisory. Devices/systems that are not updated or mitigated as described may remain vulnerable.
