CVE-2018-12692

HIGH

TP-Link TL-WA850RE <5 - Command Injection

Title source: llm

Description

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.

Exploits (1)

exploitdb WORKING POC

by yoresongo · pythonwebappshardware

https://www.exploit-db.com/exploits/44912

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44912/

[Exploit, Third Party Advisory] https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc

Scores

CVSS v3 8.8

EPSS 0.0515

EPSS Percentile 89.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

tp-link/tl-wa850re_firmware

Published Jun 23, 2018

Tracked Since Feb 18, 2026