Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2026-22225

Severity CVSS v4.0:
HIGH
Type:
CWE-78 OS Command Injections
Publication date:
02/02/2026
Last modified:
02/02/2026

Description

A command injection vulnerability may be exploited after the admin&amp;#39;s authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability.<br /> <br /> <br /> <br /> This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.<br /> <br /> <br /> This issue affects Archer BE230 v1.2

Impact

Vector 4.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L CVSS v4.0 Severity and Metrics:

Base Score: 8.50 HIGH
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): Low

Base Score 4.0
8.50
Severity 4.0
HIGH

References to Advisories, Solutions, and Tools