CVE-2025-14738

HIGH

Tp-link Tl-wa850re Firmware < 160527 - Authentication Bypass

Title source: rule

Description

Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

References (4)

[Third Party Advisory] https://blog.exodusintel.com/2022/06/23/tp-link-wa850re-unauthenticated-configuration-disclosure-vulnerability/

[Product] https://www.tp-link.com/us/support/download/tl-wa850re/v2/#Firmware

[Product] https://www.tp-link.com/us/support/download/tl-wa850re/v3/#Firmware

[Vendor Advisory] https://www.tp-link.com/us/support/faq/4848/

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (1)

tp-link/tl-wa850re_firmware < 160527

Published Dec 18, 2025

Tracked Since Feb 18, 2026