Sign-up

ID

VAR-202512-3503


CVE

CVE-2025-14738


TITLE

TP-LINK Technologies of TL-WA850RE  Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-025632

DESCRIPTION

Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922. This issue is addressed in: WA850RE V2_160527 and WA850RE V3_160922 The following versions are affected:All information handled by the software may be leaked to the outside. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-14738 // JVNDB: JVNDB-2025-025632

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wa850rescope:lteversion:160527

Trust: 1.0

vendor:tp linkmodel:tl-wa850rescope:lteversion:160922

Trust: 1.0

vendor:tp linkmodel:tl-wa850rescope:lteversion:tl-wa850re firmware 160527 and earlier

Trust: 0.8

vendor:tp linkmodel:tl-wa850rescope:lteversion:tl-wa850re firmware 160922 and earlier

Trust: 0.8

vendor:tp linkmodel:tl-wa850rescope:eqversion: -

Trust: 0.8

vendor:tp linkmodel:tl-wa850rescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-025632 // NVD: CVE-2025-14738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-14738
value: HIGH

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2025-14738
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-14738
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2025-14738
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-14738
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-025632 // NVD: CVE-2025-14738 // NVD: CVE-2025-14738

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-025632 // NVD: CVE-2025-14738

PATCH

title:TP-Link WA850RE Unauthenticated Configuration Disclosure Vulnerability - Exodus Intelligence TP-LINK TechnologiesTP-Linkurl:https://blog.exodusintel.com/2022/06/23/tp-link-wa850re-unauthenticated-configuration-disclosure-vulnerability/

Trust: 0.8

sources: JVNDB: JVNDB-2025-025632

EXTERNAL IDS

db:NVDid:CVE-2025-14738

Trust: 2.6

db:JVNDBid:JVNDB-2025-025632

Trust: 0.8

sources: JVNDB: JVNDB-2025-025632 // NVD: CVE-2025-14738

REFERENCES

url:https://www.tp-link.com/us/support/download/tl-wa850re/v3/#firmware

Trust: 1.8

url:https://www.tp-link.com/us/support/download/tl-wa850re/v2/#firmware

Trust: 1.8

url:https://blog.exodusintel.com/2022/06/23/tp-link-wa850re-unauthenticated-configuration-disclosure-vulnerability/

Trust: 1.0

url:https://www.tp-link.com/us/support/faq/4848/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-14738

Trust: 0.8

sources: JVNDB: JVNDB-2025-025632 // NVD: CVE-2025-14738

SOURCES

db:JVNDBid:JVNDB-2025-025632
db:NVDid:CVE-2025-14738

LAST UPDATE DATE

2026-02-04T23:11:05.662000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-025632date:2026-02-02T10:27:00
db:NVDid:CVE-2025-14738date:2026-01-29T16:15:45.993

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-025632date:2026-02-02T00:00:00
db:NVDid:CVE-2025-14738date:2025-12-18T18:15:45.193