
TP-Link TL-WA855RE Zero-Day Vulnerability (Missing Authentication)

What’s the Threat?

  • Device Affected: TP-Link TL-WA855RE Wi-Fi Range Extender

  • Vulnerability: Missing authentication for a critical function. Unauthenticated attackers on the same network can send a TDDP_RESET POST request to force a factory reset and then set a new administrative password (SecurityWeek, The Hacker News, Security Affairs).

  • CISA Action: This flaw, listed as CVE-2020-24363, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, as it's actively exploited (The Hacker News, Security Affairs).


Risk Snapshot

| Risk Area | Details |
|---|---|
| Attack Vector | Network-based, no credentials needed |
| Impact | Full device takeover: config reset, new admin control |
| Severity | High, CVSS 8.8/10 (The Hacker News, Security Affairs) |
| Status | End-of-Life (EoL), no future patches (The Hacker News, Security Affairs) |
| CISA Deadline | Patch or replace by September 23, 2025 for federal agencies (The Hacker News, Security Affairs) |

Immediate Action Steps

  1. Upgrade or Replace:
    Flash the latest firmware if possible; otherwise, discontinue use. Given its EoL status, the safest path is replacement.

  2. Disable Local Admin Access:
    Block access to the TDDP interface or local web admin. Limit to secure segments if continued use is mandatory.

  3. Network Segmentation:
    Isolate the extender from critical systems. Enforce strict control via VLANs or firewall rules.

  4. Detect & Monitor:
    Watch for factory reset events or uncharacteristic admin changes. Use intrusion detection tools to flag attempts.

  5. Explore WAF or Network Filters:
    Block TDDP_RESET or similar requests using network-level controls or a Web Application Firewall if feasible.
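
An added example (not from the original post) of the monitoring described in steps 4 and 5: it scans HTTP log records for POST requests carrying TDDP_RESET that target known extenders, and escalates when the same unknown host keeps sending POSTs afterwards. The JSON log layout, field names, IP addresses and function name are assumptions constructed for illustration; it also assumes the string TDDP_RESET is visible in the logged request content.

```python
import json
from datetime import datetime, timedelta

# Constructed sample records, not real traffic. The JSON field names are an
# assumed HTTP-log export format; map them to whatever your sensor emits.
SAMPLE_LOG = """\
{"ts": "2025-09-03T10:00:00", "src": "192.168.0.50", "dst": "192.168.0.254", "method": "GET", "body": ""}
{"ts": "2025-09-03T10:01:10", "src": "192.168.0.77", "dst": "192.168.0.254", "method": "POST", "body": "TDDP_RESET"}
{"ts": "2025-09-03T10:01:40", "src": "192.168.0.77", "dst": "192.168.0.254", "method": "POST", "body": "constructed-followup"}
{"ts": "2025-09-03T11:00:00", "src": "192.168.0.10", "dst": "192.168.0.254", "method": "POST", "body": "TDDP_RESET"}
{"ts": "2025-09-03T11:30:00", "src": "192.168.0.77", "dst": "192.168.0.20", "method": "POST", "body": "TDDP_RESET"}
truncated or non-JSON line
"""

def find_reset_attempts(log_text, extenders, admin_hosts, window_s=300):
    """Return alerts for POSTs carrying TDDP_RESET that target known extenders."""
    events = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            events.append(rec)
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the scan
    events.sort(key=lambda r: r["ts"])

    alerts = []
    for i, ev in enumerate(events):
        if ev.get("method") != "POST" or ev.get("dst") not in extenders:
            continue
        if "TDDP_RESET" not in str(ev.get("body") or ""):
            continue
        # Later POSTs from the same host to the same device fit the
        # "reset, then set a new admin password" sequence.
        limit = ev["ts"] + timedelta(seconds=window_s)
        followups = sum(
            1 for nxt in events[i + 1:]
            if nxt["ts"] <= limit and nxt.get("method") == "POST"
            and nxt.get("src") == ev.get("src") and nxt.get("dst") == ev["dst"]
        )
        if ev.get("src") in admin_hosts:
            severity = "review"      # expected admin host: confirm it was planned
        elif followups:
            severity = "critical"    # reset plus reconfiguration by unknown host
        else:
            severity = "high"        # reset request from unknown host
        alerts.append({"ts": ev["ts"].isoformat(), "src": ev.get("src"),
                       "dst": ev["dst"], "severity": severity, "followups": followups})
    return alerts
```

Call it as `find_reset_attempts(SAMPLE_LOG, {"192.168.0.254"}, {"192.168.0.10"})`, passing the set of extender addresses and the set of hosts allowed to administer them.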


CyberDudeBivash Ecosystem Support

  • Apps & Tools: cyberdudebivash.com/apps — For quick peripheral and router vulnerability scanning

  • Threat Intel: cyberbivash.blogspot.com — Stay ahead with live CVE alerts

  • IoT & Plugin Insights: cryptobivash.code.blog — In-depth analysis for IoT and unmanaged device security

  • Incident Playbooks & Consulting: Step-by-step guides for emergency patching and risk response


