CVE-2026-4346

UNKNOWN 0.0

Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

5th

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.

CWE	CWE-312
Vendor	tp-link systems inc.
Product	tl-wr850n v3
Published	Mar 26, 2026
Last Updated	Mar 27, 2026

Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. tl-wr850n v3

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. tl-wr850n v3 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TP-Link Systems Inc. / TL-WR850N v3

0 < V3_0.9.1 Build251205

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tp-link.com: https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/5034/

Credits

Anirudh Tarikere Shankarappa