CVE-2025-14738
HIGH WAF: Low
CVSS 7.5
Published: 2025-12-18
CWE-287
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tp-link | tl-wa850re_firmware | up to 160527 |
| tp-link | tl-wa850re_firmware | up to 160922 |
References
- blog.exodusintel.com (Third Party Advisory)
- www.tp-link.com (Product)
- www.tp-link.com (Product)
- www.tp-link.com (Vendor Advisory)