CVE-2019-19143
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.
Date published : 2020-01-27
http://packetstormsecurity.com/files/156586/TP-Link-TL-WR849N-0.9.1-4.16-Authentication-Bypass.html