Tp Link · Tp-Link Tl-Wa850Re · CVE-2018-12692
**Name of the Vulnerable Software and Affected Versions**
TP-Link TL-WA850RE Wi-Fi Range Extender version 5
**Description**
The issue allows remote authenticated users to execute arbitrary commands. This is achieved by using shell metacharacters in the `wps setup pin` parameter to the "/data/wps.setup.json" API endpoint.
**Recommendations**
For TP-Link TL-WA850RE Wi-Fi Range Extender version 5, avoid using the `wps setup pin` parameter in the "/data/wps.setup.json" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.