PT-2018-11335 · Tp Link · Tp-Link Tl-Wa850Re

Yoresongo

Publicado

2018-06-23

Atualizado

2019-10-03

CVE-2018-12692

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions TP-Link TL-WA850RE Wi-Fi Range Extender version 5

Description The issue allows remote authenticated users to execute arbitrary commands. This is achieved by using shell metacharacters in the wps setup pin parameter to the "/data/wps.setup.json" API endpoint.

Recommendations For TP-Link TL-WA850RE Wi-Fi Range Extender version 5, avoid using the wps setup pin parameter in the "/data/wps.setup.json" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2018-12692

Produtos afetados

Tp-Link Tl-Wa850Re

PT-2018-11335 · Tp Link · Tp-Link Tl-Wa850Re

CVE-2018-12692

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3