TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.

Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.