Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694.
http://www.securitytracker.com/id/1033746
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-aironet