COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2020-24363

CVE-2020-24363

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-09-02
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-24363
⌖ exploited in the wild shame 50/100 exploited-in-wild

TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect ac

Players implicated

tp-link · vendorTL-WA855RE · product

Description

TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.