
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw affecting TP-Link TL-WA855RE Wi-Fi Range Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2020-24363 (CVSS score: 8.8), is a case of missing authentication that could be abused to gain elevated access to affected devices.
“The vulnerability allows unidentified attackers (on the same network) to send factory reset and restart TDDP_RESET POST requests,” the agency said. “Attackers can obtain incorrect access controls by setting a new administrative password.”
According to Malwrforensics, this issue has been fixed in firmware version TL-WA855RE(EU)_V5_200731. However, the product has reached end-of-life (EOL) status, which means it is unlikely to receive patches or updates. Users of the Wi-Fi range extender are advised to replace the gear with a newer model that addresses the issue.

CISA has not shared details about how the vulnerability is being exploited in the wild or the scale of such attacks.
Also added to the KEV catalog is a security flaw that WhatsApp disclosed last week (CVE-2025-55177, CVSS score: 5.4), which was used as part of a highly targeted spyware campaign by chaining it with a vulnerability in Apple iOS, iPadOS, and macOS (CVE-2025-43300, CVSS score: 8.8).
While little is known about who was targeted and which commercial spyware vendor is behind the attack, WhatsApp told Hacker News it sent in-app threat notifications to fewer than 200 users who may have been targeted as part of the campaign.
Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary mitigations for both vulnerabilities by September 23, 2025, to counter active threats.