CVE-2026-4346

Name of the Vulnerable Software and Affected Versions TL-WR850N version 3

Description The issue allows for the storage of administrative and Wi-Fi credentials in cleartext within a region of the device’s flash memory. The serial interface remains enabled and is protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can retrieve sensitive information, including the router’s management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.