CISA Alerts on TP-Link Authentication Flaw Under Active Exploitation
gbhackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a serious security hole in certain TP-Link devices.
This flaw, tracked as CVE-2020-24363, allows an attacker on the same network to take control without needing a password. CISA warns that this weakness is already being actively exploited by bad actors.
Vulnerability Details
TP-Link TL-WA855RE devices are missing authentication for a critical function. In simple terms, the device does not check who is sending a factory-reset command.
An attacker can send a special request to reboot the device and restore it to factory settings. After the reset, the attacker can set a new admin password and lock out the real owner. Once in control, they could change network settings, spy on traffic, or disrupt services.
CISA has labeled this issue as under active exploitation, meaning attackers are already using it in real attacks.
While TP-Link does ...
Copyright of this story solely belongs to gbhackers.