CVE-2026-22228

MEDIUM

Tp-link Archer Be230 Firmware < 1.2.4 - Denial of Service

Title source: rule

Description

An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

References (4)

[Product] https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware

[Product] https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware

[Product] https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware

[Vendor Advisory] https://www.tp-link.com/us/support/faq/4941/

Scores

CVSS v3 4.9

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (1)

tp-link/archer_be230_firmware < 1.2.4

Published Feb 03, 2026

Tracked Since Feb 18, 2026