CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.

CVSS

No CVSS.

References

Link	Resource
https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware
https://www.tp-link.com/us/support/faq/5034/

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-26 22:16

Updated : 2026-03-30 13:26

NVD link : CVE-2026-4346

Mitre link : CVE-2026-4346

CVE.ORG link : CVE-2026-4346

JSON object : View

Products Affected

No product.

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2026-4346", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-26T22:16:31.590", "references": [{"url": "https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/5034/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device\u2019s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router\u2019s management password and wireless network key.\n\nSuccessful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network."}, {"lang": "es", "value": "La vulnerabilidad que afecta al TL-WR850N v3 permite el almacenamiento en texto claro de credenciales administrativas y de Wi-Fi en una regi\u00f3n de la memoria flash del dispositivo mientras la interfaz serie permanece habilitada y protegida por una autenticaci\u00f3n d\u00e9bil. Un atacante con acceso f\u00edsico y la capacidad de conectarse al puerto serie puede recuperar informaci\u00f3n sensible, incluyendo la contrase\u00f1a de administraci\u00f3n del router y la clave de la red inal\u00e1mbrica.\n\nLa explotaci\u00f3n exitosa puede llevar al control administrativo total del dispositivo y al acceso no autorizado a la red inal\u00e1mbrica asociada."}], "lastModified": "2026-03-30T13:26:29.793", "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}