The US CISA has warned that a critical vulnerability in TP-Link TL-WA855RE Wi-Fi extenders has been exploited in attacks, despite the device being discontinued. The flaw allows unauthenticated attackers to reset and reconfigure the device remotely, posing serious security risks. #CVE-2020-24363 #TP-Link #FirmwareUpdate
Key points
- CVE-2020-24363 allows an unauthenticated attacker to remotely reboot and reset TP-Link TL-WA855RE Wi-Fi extenders.
- Despite firmware updates, affected devices remain at risk, especially as they are now discontinued.
- CISA has added this flaw to its Known Exploited Vulnerabilities catalog and urges users to discontinue use.
- Proof-of-concept exploit code has been available since July 2020, but no reports of in-the-wild exploitation were confirmed before the warning.
- This vulnerability highlights the risks of end-of-life network devices that remain connected to networks.