CISA Adds TP-Link Wi-Fi and WhatsApp Spyware Flaws to KEV List

CISA updates its KEV List with TP-Link Wi-Fi extender and WhatsApp spyware flaws, urging users and agencies to patch risks before exploitation spreads.

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two significant security vulnerabilities to its official list of known exploited flaws. For your information, this catalogue is a list of vulnerabilities that have been actively used by malicious actors.

High-Severity Flaw in TP-Link Extender

First on the list is a high-severity flaw in a TP-Link Wi-Fi Range Extender, the model TL-WA855RE. This serious issue, tracked as CVE-2020-24363, has a score of 8.8 out of 10. The problem is a “missing authentication” flaw, which means an attacker can get high-level access to the device.

Cybersecurity firm MalwareForensics stated that a fix was issued, which is available here, but please note, this model has reached its “end-of-life” status. This means the manufacturer is no longer providing updates ...