CVE-2020-24363

UNKNOWN
Published 2020-08-31T15:49:15

No CVSS data available

Description

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

Available Exploits

No exploits available for this CVE.

Related News

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2020-24363 TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability CVE-2025-5517…

Cisa.gov 2025-09-02 12:00

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

Remediation Status

On Track

Due Date

September 23, 2025 (15 days remaining)

Added to KEV

September 2, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: TP-Link
Product: TL-WA855RE

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.09.02 Released: September 2, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-339j-xv49-q5p7

Advisory Details

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: August 29, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

4 posts
Reddit 4 days, 9 hours ago
technadu

CISA has added two actively exploited vulnerabilities to the KEV Catalog:
* CVE-2020-24363 (TP-Link TL-WA855RE — missing authentication)
* CVE-2025-55177 (WhatsApp — incorrect authorization)

These are now confirmed active attack vectors. While BOD 22-01 makes patching mandatory for federal agencies, CISA urges all organizations to remediate KEVs quickly. 🔍 For …

Also mentions: CVE-2025-55177
Reddit 5 days, 14 hours ago
technadu

CISA Adds WhatsApp + TP-Link Flaws to KEV Catalog: Actively Exploited

CISA has just updated its Known Exploited Vulnerabilities (KEV) Catalog with two new CVEs:
* **CVE-2020-24363** — TP-Link TL-WA855RE Missing Authentication
* **CVE-2025-55177** — WhatsApp Incorrect Authorization

Both are being exploited in the wild. Under **BOD 22-01**, federal agencies …

Also mentions: CVE-2025-55177
Reddit 5 days, 15 hours ago
falconupkid

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing... **CVEs:** CVE-2020-24363 **Source:** https://thehackernews.com/2025/09/cisa-adds-tp-link-and-whatsapp-flaws-to.html

Reddit 5 days, 16 hours ago
dcom-in

CVE-2020-24363 - TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

References

Published: 2020-08-31T15:49:15
Last Modified: 2024-08-04T15:12:08.809Z