CVE-2026-4346: CWE-312 Cleartext storage of sensitive information in TP-Link Systems Inc. TL-WR850N v3
CVE-2026-4346 is a vulnerability in TP-Link TL-WR850N v3 routers that involves cleartext storage of administrative and Wi-Fi credentials in flash memory. The device’s serial interface remains enabled and is protected by weak authentication, allowing an attacker with physical access and serial port connectivity to extract sensitive information. Exploiting this vulnerability can lead to full administrative control of the router and unauthorized access to the wireless network. The CVSS score is 5. 1, indicating a medium severity level. No patch or official remediation is currently documented.
AI Analysis
Technical Summary
This vulnerability affects TP-Link TL-WR850N v3 routers by storing sensitive administrative and Wi-Fi credentials in cleartext within the device's flash memory. The serial interface, which remains enabled and protected by weak authentication, can be accessed physically to retrieve these credentials. An attacker with physical access and serial port connection can recover the router’s management password and wireless network key, potentially gaining full administrative control and unauthorized network access. The CVSS 4.0 vector indicates the attack requires physical access (AV:P), low attack complexity (AC:L), no user interaction (UI:N), and high impact on confidentiality (VC:H).
Potential Impact
An attacker with physical access to the device and the ability to connect to the serial interface can extract cleartext administrative and Wi-Fi credentials. This leads to full administrative control of the router and unauthorized access to the associated wireless network. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Since the attack requires physical access and serial port connectivity, restricting physical access to the device and disabling or securing the serial interface (if possible) are recommended interim mitigations. Monitor the vendor’s advisory channels for any future updates or patches addressing this issue.
CVE-2026-4346: CWE-312 Cleartext storage of sensitive information in TP-Link Systems Inc. TL-WR850N v3
Description
CVE-2026-4346 is a vulnerability in TP-Link TL-WR850N v3 routers that involves cleartext storage of administrative and Wi-Fi credentials in flash memory. The device’s serial interface remains enabled and is protected by weak authentication, allowing an attacker with physical access and serial port connectivity to extract sensitive information. Exploiting this vulnerability can lead to full administrative control of the router and unauthorized access to the wireless network. The CVSS score is 5. 1, indicating a medium severity level. No patch or official remediation is currently documented.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects TP-Link TL-WR850N v3 routers by storing sensitive administrative and Wi-Fi credentials in cleartext within the device's flash memory. The serial interface, which remains enabled and protected by weak authentication, can be accessed physically to retrieve these credentials. An attacker with physical access and serial port connection can recover the router’s management password and wireless network key, potentially gaining full administrative control and unauthorized network access. The CVSS 4.0 vector indicates the attack requires physical access (AV:P), low attack complexity (AC:L), no user interaction (UI:N), and high impact on confidentiality (VC:H).
Potential Impact
An attacker with physical access to the device and the ability to connect to the serial interface can extract cleartext administrative and Wi-Fi credentials. This leads to full administrative control of the router and unauthorized access to the associated wireless network. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Since the attack requires physical access and serial port connectivity, restricting physical access to the device and disabling or securing the serial interface (if possible) are recommended interim mitigations. Monitor the vendor’s advisory channels for any future updates or patches addressing this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TPLink
- Date Reserved
- 2026-03-17T16:03:38.913Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c5a8ce3c064ed76fd1dae6
Added to database: 3/26/2026, 9:44:46 PM
Last enriched: 4/3/2026, 1:36:10 PM
Last updated: 5/10/2026, 11:35:05 AM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.