The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain elevated access to the susceptible device.
“This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot,” the agency said. “The attacker can then obtain incorrect access control by setting a new administrative password.”
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
According to malwrforensics, the issue has been fixed with firmware version TL-WA855RE(EU)_V5_200731. However, it bears noting that the product has reached end-of-life (EoL) status, meaning it’s unlikely to receive any patches or updates. Users of the Wi-Fi range extender are advised to replace their gear with a newer model that addresses the issue.
CISA has not shared any details on how the vulnerability is being exploited in the wild, by whom, or on the scale of such attacks.
Also added to the KEV catalog is a security flaw that WhatsApp disclosed last week (CVE-2025-55177, CVSS score: 5.4) as having been exploited as part of a highly-targeted spyware campaign by chaining it with an Apple iOS, iPadOS, and macOS vulnerability (CVE-2025-43300, CVSS score: 8.8).
Not much is known about who was targeted and which commercial spyware vendor is behind the attacks, but WhatsApp told The Hacker News that it sent in-app threat notifications to less than 200 users who may have been targeted as part of the campaign.
Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary mitigations by September 23, 2025, for both the vulnerabilities to counter active threats.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Salesloft Takes Drift Offline After OAuth Token Theft Hits 700+ Organizations