TP-Link WA850RE Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the TP-Link WA850RE Universal Wi-Fi Range Extender, specifically in versions through WA850RE V2_160527 and WA850RE V3_160922. This vulnerability allows authenticated adjacent attackers to inject arbitrary commands into the httpd server. The injected commands are executed with root privileges, creating a significant security risk. This issue is compounded by an unauthenticated configuration disclosure vulnerability that exposes sensitive information, including admin credentials.

Impact

Exploitation of this vulnerability allows authenticated adjacent attackers to inject and execute arbitrary commands with root privileges on the affected device.

Remediation

Users are advised to update to the latest firmware version. Firmware updates for the WA850RE V2 and V3 are available on the official TP-Link website, and the TP-Link support page for each version provides instructions for downloading the firmware.

Added: Dec 18, 2025, 6:19 PM
Updated: Dec 18, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.