Description
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key.

Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.
Published: 2026-03-26
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cleartext storage of administrative and Wi‑Fi credentials, permitting full device control
Action: Apply Patch
AI Analysis

Impact

The TP Link TL‑WR850N v3 router has a flaw that allows clear‑text storage of its management password and wireless network key in flash memory while the serial port is enabled. The credential data is stored in a small section accessible through the serial interface, which is protected only by weak authentication. If an attacker can physically connect to that port, they can read the credentials. Possession of those credentials gives full administrative control of the router and access to the associated Wi‑Fi network. This weakness is a classic example of CWE‑312, clear‑text storage of sensitive information.

Affected Systems

TP Link Systems Inc. TL‑WR850N model version 3. No other models or firmware revisions are reported as vulnerable.

Risk and Exploitability

The vulnerability has a CVSS base score of 5.1, indicating medium severity. EPSS is below 1%, suggesting exploitation is currently unlikely. It is not listed in CISA’s Known Exploited Vulnerabilities catalog. The primary attack vector requires physical access to the device to connect to the serial interface; no remote exploitation is documented. The risk is therefore largely confined to environments where an attacker can reach the hardware, such as factories, access‑control setups, or homes where the user may inadvertently expose the port.

Generated by OpenCVE AI on April 1, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from TP‑Link that removes the clear‑text storage or secures it.
  • If an update is not yet available, disable the serial port interface in the router’s configuration or cover the physical port to prevent access.
  • If the serial interface must remain enabled, enforce a strong, unique password known only to authorized maintenance personnel.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link tl-wr850n Firmware
CPEs | | cpe:2.3:h:tp-link:tl-wr850n:3:*:*:*:*:*:*:*; cpe:2.3:o:tp-link:tl-wr850n_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Tp-link tl-wr850n Firmware
Metrics | | cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 27 Mar 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link; Tp-link tl-wr850n
Vendors & Products | | Tp-link; Tp-link tl-wr850n

Thu, 26 Mar 2026 21:45:00 +0000

Type | Values Removed | Values Added
Description | | The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.
Title | | Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N
Weaknesses | | CWE-312
References | |
Metrics | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-27T19:39:20.845Z

Reserved: 2026-03-17T16:03:38.913Z

Link: CVE-2026-4346

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-26T22:16:31.590

Modified: 2026-03-31T19:09:22.300

Link: CVE-2026-4346

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:56:17Z