Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key.
Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.
AnalysisAI
Cleartext credential storage in TP-Link TL-WR850N v3 flash memory combined with weak serial interface authentication enables attackers with physical access to extract administrative and Wi-Fi credentials, leading to full device compromise and unauthorized network access. The vulnerability is addressed by a vendor patch, and exploitation requires physical proximity to the device's serial port with no public exploit code identified at time of analysis.
Technical ContextAI
The TL-WR850N v3 (cpe:2.3:a:tp-link_systems_inc.:tl-wr850n_v3:*:*:*:*:*:*:*:*) stores sensitive credentials-including router management passwords and wireless network keys-in plaintext within flash memory regions accessible via the device's serial interface. This embodies CWE-312 (Cleartext Storage of Sensitive Information), a fundamental data protection failure where credentials lack encryption at rest. The serial interface, while physically present, is protected only by weak authentication mechanisms that provide minimal resistance to an attacker with direct console access. The combination of cleartext storage and inadequate serial port authentication creates a direct pathway for credential recovery by a local, physically present attacker.
RemediationAI
Download and install the latest firmware for the TL-WR850N v3 from TP-Link's official support page (https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware). Immediately after patching, change all administrative credentials and wireless network passwords from their defaults. As interim protective measures on unpatched devices, physically secure serial port access by disabling or protecting the serial debug interface where firmware permits, restrict physical access to network equipment, and implement network segmentation to limit the impact of credential compromise. Verify patch application by checking the device's firmware version in the administration panel.
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16452