The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a serious vulnerability in TP-Link TL-WA855RE Wi-Fi range extenders, adding it to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw, tracked as CVE-2020-24363, lets an attacker on the same local network take control of the device without knowing any password. A KEV listing means CISA has evidence that the weakness is already being exploited in the wild.
Vulnerability Details
TP-Link TL-WA855RE devices (the CVE record names the V5 firmware build 20200415-rel37464) are missing authentication for a critical function: the device carries out a factory reset without checking that the request comes from an authenticated administrator.
An attacker on the same network can send a crafted reset request that reboots the device and restores factory settings. Because the reset wipes the administrator password, the attacker can then set a new one and lock out the real owner. With administrative control they can change network settings, intercept traffic passing through the extender, or disrupt service.
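The following toy model shows the weakness class (CWE-306) and the fix side by side. It is an added example written for this article, not TP-Link firmware or code from the CVE record; the `/reset` path, request dictionaries, session cookie and CSRF header are assumptions chosen to keep the model small. The vulnerable handler honours any reset request, and the takeover helper replays the chain described above: anonymous reset, then claiming the blank admin password.

```python
"""Toy model of an embedded device's admin endpoint, written to illustrate
CWE-306 (missing authentication for a critical function) as described in
the advisory above. This is an added example, not TP-Link firmware: the
endpoint path, request shapes and session handling are assumptions."""
import hmac
import secrets


class Device:
    """Holds the admin credential, active sessions and a reset counter."""

    def __init__(self, admin_password):
        self.admin_password = admin_password   # None = not yet set up
        self.sessions = {}                     # session id -> CSRF token
        self.reset_count = 0

    def factory_reset(self):
        self.reset_count += 1
        self.admin_password = None             # next visitor sets the password
        self.sessions.clear()                  # every session dies with a reset

    def set_initial_password(self, password):
        """Setup page: only works while no admin password exists."""
        if self.admin_password is not None:
            return False
        self.admin_password = password
        return True

    def login(self, password):
        """Returns (session id, CSRF token) on success, None otherwise."""
        if self.admin_password is None or not hmac.compare_digest(
                password.encode(), self.admin_password.encode()):
            return None
        sid, csrf = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = csrf
        return sid, csrf


def handle_reset_vulnerable(device, request):
    """CWE-306: any POST to the reset path is honoured, no identity check."""
    if request.get("method") == "POST" and request.get("path") == "/reset":
        device.factory_reset()
        return 200
    return 404


def handle_reset_hardened(device, request):
    """Reset requires a live admin session cookie plus a matching CSRF token,
    so a browser on the LAN cannot be tricked into issuing it either."""
    if request.get("method") != "POST" or request.get("path") != "/reset":
        return 404
    sid = request.get("cookies", {}).get("session", "")
    csrf = request.get("headers", {}).get("X-CSRF-Token", "")
    expected = device.sessions.get(sid)
    if expected is None or not hmac.compare_digest(csrf.encode(), expected.encode()):
        return 401
    device.factory_reset()
    return 200


def unauthenticated_takeover(handler):
    """Replays the attack chain from the advisory against a handler: anonymous
    reset, then claim the blank admin password. Returns True if the attacker
    ends up owning the device and the real owner is locked out."""
    dev = Device("owner-secret")
    if handler(dev, {"method": "POST", "path": "/reset"}) != 200:
        return False
    dev.set_initial_password("attacker-secret")
    return dev.login("owner-secret") is None and dev.login("attacker-secret") is not None


def authorised_reset(handler):
    """Sanity check: a logged-in admin can still reset through the handler."""
    dev = Device("owner-secret")
    sid, csrf = dev.login("owner-secret")
    request = {"method": "POST", "path": "/reset",
               "cookies": {"session": sid}, "headers": {"X-CSRF-Token": csrf}}
    return handler(dev, request) == 200 and dev.reset_count == 1


if __name__ == "__main__":
    print("vulnerable handler taken over:", unauthenticated_takeover(handle_reset_vulnerable))
    print("hardened handler taken over:  ", unauthenticated_takeover(handle_reset_hardened))
```

The hardened handler checks two things the vulnerable one skips: that the caller holds a session created by a successful password login, and that the request carries the CSRF token tied to that session, so a malicious web page cannot make the owner's browser trigger the reset. The reset also invalidates all sessions, which is the behaviour you want after a credential wipe.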
CISA has labeled this issue as under active exploitation, meaning attackers are already using it in real attacks.
TP-Link publishes general security guidance, but the TL-WA855RE is an end-of-life product and many affected units are no longer supported, so a firmware fix may never arrive. That makes remediation harder and leaves users who keep running the old devices exposed.
CISA recommends users take immediate action:
- Apply vendor mitigations
Check TP-Link's support site for a firmware update or workaround for the TL-WA855RE and follow the vendor's instructions to secure the device.
- Follow BOD 22-01 guidance
Binding Operational Directive 22-01 is issued by CISA, not the White House. It requires federal civilian agencies to remediate every vulnerability in the KEV catalog by its due date, including instances in the cloud services they use, and CISA urges all other organizations to prioritize KEV entries in the same way.
- Discontinue use if necessary
If no fix is available or the device is no longer supported, stop using it and replace it with a current, supported model.
| Field | Information |
|---|---|
| CVE Identifier | CVE-2020-24363 |
| Vulnerable Product | TP-Link TL-WA855RE |
| Vulnerability Type (CWE) | Missing Authentication for Critical Function (CWE-306) |
| Impact | Unauthenticated attacker on the local network can factory reset the device, set a new admin password, and gain control |
Network administrators should scan their networks for these devices and check the firmware version.
If an update is available, install it right away. If the device is EoL or no longer receives updates, replace it with a modern, supported model that follows secure design practices.
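One practical first step for the scan recommended above is to pull candidate TP-Link devices out of a Linux neighbour table by MAC vendor prefix, then confirm model and firmware on each hit's admin page. The script below is an added example, not CISA or TP-Link tooling; the OUI list and the sample `ip neigh` output are assumptions constructed for illustration, and the prefixes should be refreshed from the IEEE OUI registry before use.

```python
"""Find candidate TP-Link devices in a Linux neighbour table so their model
and firmware can be checked. Added example for this advisory, not CISA or
TP-Link tooling; the OUI list and the sample table are assumptions."""
import re

# Assumed TP-Link OUIs (first three octets of the MAC). Treat this as an
# illustration and refresh it from the IEEE OUI registry before relying on it.
TP_LINK_OUIS = {"50:c7:bf", "b0:be:76", "c0:4a:00", "ec:08:6b"}

# Constructed sample in `ip neigh show` format; not real scan output.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr 50:c7:bf:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 3c:22:fb:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
192.168.1.90 dev wlan0 lladdr EC:08:6B:01:02:03 DELAY
fe80::52c7:bfff:feaa:bbcc dev eth0 lladdr 50:c7:bf:aa:bb:cc router REACHABLE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9A-Fa-f:]{17})\b")


def parse_neigh(text):
    """Yield (ip, dev, mac) for entries that carry a link-layer address;
    FAILED/INCOMPLETE rows without one are skipped."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m:
            yield m["ip"], m["dev"], m["mac"].lower()


def oui(mac):
    """First three octets of a colon-separated MAC, lower case."""
    return mac[:8]


def find_tp_link_candidates(text, ouis=TP_LINK_OUIS):
    """Return {mac: sorted list of ips} for neighbours whose OUI matches,
    merging IPv4 and IPv6 entries that belong to the same interface."""
    hits = {}
    for ip, _dev, mac in parse_neigh(text):
        if oui(mac) in ouis:
            hits.setdefault(mac, set()).add(ip)
    return {mac: sorted(ips) for mac, ips in hits.items()}


if __name__ == "__main__":
    # On a real host: ip neigh show > neigh.txt, then feed that file here.
    for mac, ips in find_tp_link_candidates(SAMPLE_NEIGH).items():
        print(f"{mac}  {', '.join(ips)}  -> confirm model and firmware in the admin page")
```

An OUI match only tells you the vendor, so every hit still needs its model and firmware build read from the device itself before deciding between update and replacement; devices that have not spoken recently will not appear in the neighbour table at all, so run the check from a host that has recently swept the subnet.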
By taking these steps, users and organizations can reduce their risk and protect their networks from this serious flaw.
Regularly reviewing device hardware and firmware is essential to maintain strong cybersecurity and stay ahead of active threats.