Severity: HIGH | CISA KEV | Exploited in the wild

CVE-2020-24363

Published: September 2, 2025

EPSS: 11.07% probability of exploitation in the next 30 days (93.3rd percentile)

Official Description

TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

NVD Source

CISA KEV Advisory

TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability


Added to KEV: 2025-09-02
Federal patch deadline: 2025-09-23
Required Action (CISA)

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Risk Analysis

An unauthenticated attacker on the same network as a TP-link TL-WA855RE can force a factory reset and then claim the device by setting a new administrative password, which amounts to complete compromise of the extender. The high severity, confirmed exploitation in the wild and the likelihood that the product is end-of-life (so no fix is coming) make this an urgent concern.

This vulnerability has been actively exploited in the wild and is included in CISA's KEV catalog, confirming its active use by threat actors. This indicates a high probability of successful exploitation by unauthenticated attackers on the same network.

Recommended Action

Discontinue use of TP-link TL-WA855RE devices, as they may be end-of-life. If continued use is unavoidable, isolate the device on a separate network and implement strict network access controls.

Generated by the CTIWATCH analysis pipeline from this CVE's metadata (CVSS, EPSS, KEV status, exploit intelligence). Verify against vendor advisories before acting.

Technical Analysis

CVE-2020-24363 does not require local access or a prior foothold on the device: the attacker needs only network adjacency, that is, a client on the same LAN or Wi-Fi segment as the extender, and no credentials. This is what the NVD description means by "unauthenticated attacker (on the same network)".

Exploitation is a two-step chain. First, an unauthenticated POST request carrying TDDP_RESET triggers a factory reset and reboot. Second, the attacker sets a new administrative password on the freshly reset device, which is accepting initial configuration. No privileges are required at any point; the only practical limit on exposure is that the attacker must already be on the same network, for example as a guest on the Wi-Fi the extender serves.
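The following Python is an added example, not code from CTIWATCH or TP-Link. It correlates the two steps the advisory describes over constructed HTTP access-log lines: an unauthenticated POST carrying TDDP_RESET, followed within a short window by a request that sets a new administrative password. Every reset is reported as its own alert, and the alert is escalated when the password is set by the same client that sent the reset. The log line format, the request paths and the set_admin_password field name are assumptions made for this example; only the TDDP_RESET marker comes from the advisory text.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed access-log lines for the extender's web interface (not captured traffic).
# Fields: timestamp client method path status body-excerpt. The paths and the
# set_admin_password field are placeholders; only TDDP_RESET is from the advisory.
SAMPLE_LOG = """\
2025-09-02T10:00:01 192.168.0.23 GET /index.html 200 -
2025-09-02T10:00:05 192.168.0.77 POST /placeholder/tddp 200 operation=TDDP_RESET
2025-09-02T10:01:40 192.168.0.77 POST /placeholder/setup 200 set_admin_password=1
2025-09-02T10:05:00 192.168.0.23 POST /login 200 username=admin
2025-09-02T11:00:00 192.168.0.90 POST /placeholder/tddp 200 operation=TDDP_RESET
2025-09-02T11:20:00 192.168.0.23 POST /placeholder/setup 200 set_admin_password=1
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) (.*)$")
RESET_MARKER = "TDDP_RESET"                   # from the advisory: the factory-reset request marker
PASSWORD_SET_MARKER = "set_admin_password="   # assumed field name for the post-reset password set
TAKEOVER_WINDOW = timedelta(minutes=10)       # how long after a reset a password set is correlated


@dataclass
class Request:
    ts: datetime
    client: str
    method: str
    path: str
    status: int
    body: str


def parse_log(text):
    """Parse log lines into Request records; malformed lines are skipped, not fatal."""
    reqs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, method, path, status, body = m.groups()
        reqs.append(Request(datetime.fromisoformat(ts), client, method, path, int(status), body))
    return reqs


def is_reset(r):
    # The advisory describes an unauthenticated POST carrying TDDP_RESET; match it in body or path.
    return r.method == "POST" and (RESET_MARKER in r.body or RESET_MARKER in r.path)


def is_password_set(r):
    return r.method == "POST" and PASSWORD_SET_MARKER in r.body


def correlate(reqs):
    """One alert per reset request, noting who set the admin password afterwards (if anyone).

    Assumes reqs are in chronological order, as access logs normally are.
    """
    alerts = []
    for i, r in enumerate(reqs):
        if not is_reset(r):
            continue
        follow = next(
            (f for f in reqs[i + 1:] if is_password_set(f) and f.ts - r.ts <= TAKEOVER_WINDOW),
            None,
        )
        alert = {
            "reset_at": r.ts.isoformat(),
            "reset_from": r.client,
            "password_set_by": None,
            "takeover": False,
            "severity": "high",      # any unauthenticated reset is worth an alert on its own
        }
        if follow is not None:
            alert["password_set_by"] = follow.client
            alert["takeover"] = follow.client == r.client
            if alert["takeover"]:
                alert["severity"] = "critical"   # reset and password set from the same client
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(a)
```

In the constructed sample, the first reset from 192.168.0.77 is followed 95 seconds later by a password set from the same client and is escalated to critical; the second reset from 192.168.0.90 has no password set inside the ten-minute window (the later one at 11:20 is outside it) and stays a high alert, because an unauthenticated factory reset is reportable even when the follow-on step is not observed. Unexpected reboots of the extender around the same timestamps are the other corroborating signal a responder would look for.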

CISA has added CVE-2020-24363 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.

Exploit & PoC Resources

Active exploitation: confirmed in the wild. No public proof-of-concept is linked on this page; verify any exploit material in a controlled environment before use.


Quick Facts

CVE ID: CVE-2020-24363
Severity: HIGH
CISA KEV: Yes (active exploitation)
Exploit: In the wild
EPSS (30d): 11.07%
Published: Sep 2, 2025

Recommended Actions

  • Do not expect a vendor patch: the TL-WA855RE may be end-of-life, so discontinue use, or isolate the device on a separate network with strict access controls if it must stay in service
  • Monitor CVE-2020-24363 in threat intel feeds
  • Review IDS/IPS signatures for unauthenticated POST requests carrying TDDP_RESET and for unexpected factory resets or reboots of the device
  • CISA KEV: federal agencies must remediate per the BOD 22-01 timeline (deadline 2025-09-23)
  • Active exploitation confirmed: treat as P1
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.