Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device

TP-Link has released urgent firmware updates for Archer BE230 v1.2 devices to remediate multiple high-severity OS command injection vulnerabilities (several CVEs, CVSS ~8.5–8.6) in web, VPN, cloud communication, and configuration modules that can allow authenticated attackers to execute arbitrary root commands, gain full device control, intercept traffic, disrupt services, or pivot to other network hosts; administrators are strongly advised to apply the provided patched firmware immediately.