TL-WA850RE
by TP-Link
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12692 | Hig | 0.60 | 8.8 | 0.29 | Jun 23, 2018 | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | ||
| CVE-2018-12694 | Hig | 0.49 | 7.5 | 0.01 | Jun 23, 2018 | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | ||
| CVE-2018-12693 | Med | 0.44 | 6.5 | 0.16 | Jun 23, 2018 | Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | ||
| CVE-2025-14738 | 0.00 | — | 0.00 | Dec 18, 2025 | Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922. | |||
| CVE-2025-14737 | 0.00 | — | 0.01 | Dec 18, 2025 | Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922. | |||
| CVE-2022-22922 | 0.00 | — | 0.01 | Feb 18, 2022 | TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. |
- risk 0.60cvss 8.8epss 0.29
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.
- risk 0.49cvss 7.5epss 0.01
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.
- risk 0.44cvss 6.5epss 0.16
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.
- CVE-2025-14738Dec 18, 2025risk 0.00cvss —epss 0.00
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
- CVE-2025-14737Dec 18, 2025risk 0.00cvss —epss 0.01
Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
- CVE-2022-22922Feb 18, 2022risk 0.00cvss —epss 0.01
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.