You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2020-24363
About this tag
CVE-2020-24363 is a missing-authentication vulnerability affecting the TP-Link TL-WA855RE wireless range extender. This flaw allows an unauthenticated attacker to take over the device on a local network. The vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) Catalog in September 2025, with a remediation due date of September 23, 2025. Discussions on WindowsForum highlight that this legacy IoT device flaw remains actively exploited by adversaries, emphasizing the importance of patching or replacing affected hardware to prevent unauthorized network access.
CISA’s September additions to the Known Exploited Vulnerabilities (KEV) Catalog — the TP‑Link TL‑WA855RE missing‑authentication flaw (CVE‑2020‑24363) and the WhatsApp incorrect‑authorization weakness (CVE‑2025‑55177) — are a reminder that adversaries continue to exploit both legacy IoT devices...