Cleartext Credential Storage Vulnerability in TL-WR850N by TP-Link
CVE-2026-4346

5.1MEDIUM

Key Information:

Vendor: Tp-link Systems Inc.
Status: Tl-wr850n V3
Vendor: CVE Published:; 26 March 2026

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2026-4346?

The TL-WR850N v3 device is susceptible to a vulnerability that allows sensitive administrative and Wi-Fi credentials to be stored in plaintext within its flash memory. This issue arises while the serial interface is enabled and safeguarded by weak authentication measures. An attacker who has physical access to the device can connect to the serial port, potentially leading to the recovery of critical information, such as the management password and wireless network key. If exploited, this vulnerability grants unauthorized individuals complete administrative control over the router, posing significant risks to the associated wireless network.

Affected Version(s)

TL-WR850N v3 0

References

https://www.tp-link.com/in/support/download/tl-wr850n/#Fi...

patch

https://www.tp-link.com/us/support/faq/5034/

vendor-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 17, 2026

Credit

Anirudh Tarikere Shankarappa

CVE-2026-4346 Data

JSON