Description
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key.

Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.
Published: 2026-03-26
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Credential Theft
Action: Patch Firmware
AI Analysis

Impact

A flaw in the TL‑WR850N v3 router leaves administrative and Wi‑Fi credentials stored in cleartext in a region of the device’s flash memory while the serial interface is enabled and protected only by weak authentication. The weakness is classified as CWE‑312 (Cleartext Storage of Sensitive Information): an attacker with physical access who connects to the serial port can read the stored credentials directly from flash, learning the router’s management password and wireless network key. These credentials permit full administrative control of the device and unauthorized access to the associated wireless network.

Affected Systems

TP‑Link Systems Inc. TL‑WR850N v3 is the sole product identified as affected by this vulnerability. No alternative vendors, products, or firmware versions are listed; thus the issue is confined to routers running the specified firmware version.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and exploitation requires physical access to the router and the ability to connect to its serial port. The serial interface is protected only by weak authentication, so an attacker can connect, read the cleartext credentials from flash, and gain complete administrative control. EPSS data is unavailable and the vulnerability is not included in CISA’s KEV catalog; therefore, while not a widespread or automated threat, it remains a serious risk for physically accessible devices.

Generated by OpenCVE AI on March 26, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the serial interface if it is not needed for troubleshooting or maintenance
  • Obtain and install the latest firmware update for the TL‑WR850N v3 from TP‑Link
  • Secure the device enclosure or restrict physical access to trusted personnel
  • Change the router’s administrative password to a strong, unique value
  • Ensure the Wi‑Fi network uses a robust, non‑default passphrase and consider disabling WPS

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 19:15:00 +0000

Type / Values Removed / Values Added
First Time appeared: Tp-link tl-wr850n Firmware
CPEs: cpe:2.3:h:tp-link:tl-wr850n:3:*:*:*:*:*:*:*
      cpe:2.3:o:tp-link:tl-wr850n_firmware:*:*:*:*:*:*:*:*
Vendors & Products: Tp-link tl-wr850n Firmware
Metrics: cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 27 Mar 2026 08:45:00 +0000

Type / Values Removed / Values Added
First Time appeared: Tp-link
                     Tp-link tl-wr850n
Vendors & Products: Tp-link
                    Tp-link tl-wr850n

Thu, 26 Mar 2026 21:45:00 +0000

Type / Values Removed / Values Added
Description: The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.
Title: Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N
Weaknesses: CWE-312
References
Metrics: cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-27T19:39:20.845Z

Reserved: 2026-03-17T16:03:38.913Z

Link: CVE-2026-4346

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-26T22:16:31.590

Modified: 2026-03-31T19:09:22.300

Link: CVE-2026-4346

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:23:10Z

Weaknesses