CVE-2020-24363
Published: September 2, 2025
Official Description
TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CISA KEV Advisory
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Risk Analysis
This vulnerability in TP-link TL-WA855RE allows an unauthenticated attacker on the same network to perform a factory reset and gain administrative access by setting a new password. This high-severity flaw can lead to complete device compromise. The high severity and confirmed exploitation in the wild make this an urgent concern, especially for end-of-life products.
This vulnerability has been actively exploited in the wild and is included in CISA's KEV catalog, confirming its active use by threat actors. This indicates a high probability of successful exploitation by unauthenticated attackers on the same network.
Discontinue use of TP-link TL-WA855RE devices, as they may be end-of-life. If continued use is unavoidable, isolate the device on a separate network and implement strict network access controls.
Technical Analysis
CVE-2020-24363 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CISA has added CVE-2020-24363 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
Exploit & PoC Resources
All References (3)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2020-24363 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts
- !CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- !Active exploitation confirmed — treat as P1