CVE-2026-4346
Cleartext Credential Storage in TL-WR850N v3 Enables Full Admin Access
Publication date: 2026-03-26
Last updated on: 2026-03-31
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tl-wr850n_firmware | to 0.9.1_Build251205 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the TL-WR850N v3 router and involves the storage of administrative and Wi-Fi credentials in cleartext within the device's flash memory.
Because the serial interface remains enabled and is protected only by weak authentication, an attacker with physical access to the device and the ability to connect to the serial port can retrieve sensitive information such as the router's management password and wireless network key.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to an attacker gaining full administrative control over the affected device.
Additionally, the attacker can gain unauthorized access to the associated wireless network, potentially compromising network security and any data transmitted over it.