CVE-2020-24363
Published 2020-08-31
Priority: P1 · 87 · high · CVSS 3.1 base score 8.8
CVSS 3.1 vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2025-09-23
Exploited in the wild
EPSS: 20.69% (97.2th percentile)
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | tl-wa855re_firmware | < 200731 | 200731 |
Detection & IOCs (extracted from sources)
- Alert on POST requests to '/?code=5&asyn=0' with a body of '0|1,0,0' targeting TP-Link range extender devices on the local network.
- Monitor for an X-Requested-With: XMLHttpRequest header combined with Content-Type: text/plain;charset=UTF-8 in POST requests to TP-Link device management endpoints, which is characteristic of this exploit's HTTP fingerprint.
- The exploit only works against firmware version TL-WA855RE(US)_V5_200415; the vendor patched this in firmware TL-WA855RE(US)_V5_200731.
- The attacker must be on the same network as the device; this is not a remote, internet-facing exploit.
- CISA notes the impacted product may be end-of-life/end-of-service; a patch may not be available and discontinuation of use may be required.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 8.3 | HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
CISA
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability (CVE-2020-24363, HIGH, CWE-306)
cisa · 2025-09-02 · CVSS 8.8
Affected: TP-Link TL-WA855RE
TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.tp-link.com/us
GHSA
GHSA-339j-xv49-q5p7 (CVE-2020-24363, HIGH, CWE-306): TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a fact…
ghsa_unreviewed · 2022-05-24
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
VulnCheck
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability (CVE-2020-24363, HIGH, CWE-306)
vulncheck · 2020 · CVSS 8.8
TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Affected: TP-Link TL-WA855RE
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.cisa.gov/s
No detection rules found.
References
- http://malwrforensics.com/en/2020/08/31/cve-2020-24363-tl-wa855re-v5-advisory/
- https://pastebin.com/VjHM4UiA
- https://www.tp-link.com/us/support/download/tl-wa855re/#Firmware
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-24363
Timeline
- 2020-08-31: Published
- 2025-09-02: Added to CISA KEV
- Exploited in the wild