PT-2018-11335 · Tp Link · Tp-Link Tl-Wa850Re

Yoresongo · Published 2018-06-23 · Updated 2019-10-03 · CVE-2018-12692

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WA850RE Wi-Fi Range Extender version 5

Description: The issue allows remote authenticated users to execute arbitrary commands. This is achieved by using shell metacharacters in the wps setup pin parameter to the "/data/wps.setup.json" API endpoint.

Recommendations: For TP-Link TL-WA850RE Wi-Fi Range Extender version 5, avoid using the wps setup pin parameter in the "/data/wps.setup.json" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.
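
An allow-list check of the kind a handler for this parameter could apply before the value reaches any command, given as an added example that is not TP-Link's code or fix. It assumes the standard WPS PIN format of eight decimal digits whose last digit is a check digit; the function name `wps_pin_is_valid` is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from the vendor firmware).
 * Returns 1 only when `pin` is exactly eight ASCII digits and the WPS
 * check digit is correct; returns 0 for anything else. Because every
 * accepted byte is a digit, no shell metacharacter can pass this check.
 */
int wps_pin_is_valid(const char *pin)
{
    /* WPS check digit: weights 3,1,3,1,... must sum to 0 mod 10. */
    static const int weight[8] = {3, 1, 3, 1, 3, 1, 3, 1};
    int sum = 0;
    size_t i;

    if (pin == NULL || strlen(pin) != 8)
        return 0;

    for (i = 0; i < 8; i++) {
        if (pin[i] < '0' || pin[i] > '9')
            return 0;               /* reject ';', '`', '$', spaces, ... */
        sum += weight[i] * (pin[i] - '0');
    }
    return sum % 10 == 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = {"12345670", "12345678", "1234567;", ""};
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("\"%s\" -> %s\n", samples[i],
               wps_pin_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Validation of this kind complements, rather than replaces, passing the value as a discrete argument instead of building a shell command line from it.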

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-12692

Affected Products

Tp-Link Tl-Wa850Re