Vulnerability Description
Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wa850Re Firmware | <= 160527 |
| Tp-Link | Tl-Wa850Re | 2 |
Related Weaknesses (CWE)
References
- https://blog.exodusintel.com/2022/06/23/tp-link-wa850re-remote-command-injectionThird Party Advisory
- https://www.tp-link.com/us/support/download/tl-wa850re/v2/#FirmwareProductRelease Notes
- https://www.tp-link.com/us/support/download/tl-wa850re/v3/#FirmwareProductRelease Notes
- https://www.tp-link.com/us/support/faq/4848/Vendor Advisory
FAQ
What is CVE-2025-14737?
CVE-2025-14737 is a vulnerability with a CVSS score of 8.0 (HIGH). Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
How severe is CVE-2025-14737?
CVE-2025-14737 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14737?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wa850Re Firmware, Tp-Link Tl-Wa850Re.