CISA Adds TP-Link and WhatsApp Vulnerabilities to Known Exploited Vulnerabilities Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) catalog by incorporating two significant security flaws affecting TP-Link’s TL-WA855RE Wi-Fi Range Extender and WhatsApp. This action underscores the ongoing threats posed by these vulnerabilities and the necessity for prompt remediation.

TP-Link TL-WA855RE Vulnerability (CVE-2020-24363):

Identified as CVE-2020-24363 with a Common Vulnerability Scoring System (CVSS) score of 8.8, this high-severity flaw stems from a missing authentication mechanism in the TP-Link TL-WA855RE Wi-Fi Range Extender. It allows an unauthenticated attacker on the same network to send a TDDP_RESET POST request, which triggers a factory reset and reboot of the device. The attacker can then set a new administrative password, thereby gaining unauthorized control over the device.

Although TP-Link addressed this issue in firmware version TL-WA855RE(EU)_V5_200731, the TL-WA855RE model has reached its end-of-life (EoL) status. Consequently, it is unlikely to receive further updates or security patches. Users are strongly advised to replace their devices with newer models to ensure continued security and functionality.

WhatsApp Vulnerability (CVE-2025-55177):

The second vulnerability, CVE-2025-55177, carries a CVSS score of 5.4 and affects WhatsApp. This flaw has been exploited in a highly targeted spyware campaign, where it was combined with an Apple iOS, iPadOS, and macOS vulnerability (CVE-2025-43300, CVSS score: 8.8). The specifics regarding the targets and the commercial spyware vendor involved remain undisclosed. However, WhatsApp has proactively notified fewer than 200 users through in-app alerts, informing them of potential targeting in this campaign.

Implications and Recommendations:

The inclusion of these vulnerabilities in CISA’s KEV catalog highlights the persistent risks associated with unpatched security flaws. Federal Civilian Executive Branch (FCEB) agencies are mandated to implement necessary mitigations by September 23, 2025, to counteract active threats.

While CISA’s directive specifically applies to FCEB agencies, all organizations and individual users are urged to prioritize the timely remediation of these vulnerabilities. For TP-Link TL-WA855RE users, transitioning to supported hardware is crucial. WhatsApp users should ensure their applications are updated to the latest versions to mitigate potential risks.
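A defender-side use of the KEV additions above, as an added example that is not part of the article or from CISA: it matches constructed KEV records for the two CVEs against a constructed asset inventory, computes the time remaining to the September 23, 2025 due date, and flags the end-of-life extender for replacement rather than patching. The KEV field names (cveID, vendorProject, product, dueDate, requiredAction) are assumed from the public feed's JSON schema.

```python
"""Triage CISA KEV entries against an asset inventory (added example;
field names follow the public KEV JSON feed as assumed here, and all
records below are constructed)."""
from datetime import date

# Constructed KEV records mirroring the two additions described above,
# plus one placeholder entry that matches nothing in the inventory.
KEV_ENTRIES = [
    {"cveID": "CVE-2020-24363", "vendorProject": "TP-Link",
     "product": "TL-WA855RE", "dueDate": "2025-09-23",
     "requiredAction": "Replace end-of-life product"},
    {"cveID": "CVE-2025-55177", "vendorProject": "Meta",
     "product": "WhatsApp", "dueDate": "2025-09-23",
     "requiredAction": "Apply mitigations per vendor instructions"},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
     "product": "ExampleProduct", "dueDate": "2025-01-01",
     "requiredAction": "Apply updates per vendor instructions"},
]

# Constructed inventory of (vendor, product) pairs the organisation runs.
INVENTORY = {("tp-link", "tl-wa855re"), ("meta", "whatsapp")}


def urgency(days_left):
    """Bucket a KEV due date relative to today."""
    if days_left < 0:
        return "overdue"
    if days_left <= 7:
        return "urgent"
    return "scheduled"


def triage(entries, inventory, today_iso):
    """Return inventory-matching KEV entries, most pressing first.
    An end-of-life product gets action 'replace' (no patch is coming);
    everything else gets 'update'. today_iso is a YYYY-MM-DD string."""
    today = date.fromisoformat(today_iso)
    hits = []
    for e in entries:
        if (e["vendorProject"].lower(), e["product"].lower()) not in inventory:
            continue
        days_left = (date.fromisoformat(e["dueDate"]) - today).days
        eol = "end-of-life" in e["requiredAction"].lower()
        hits.append({"cveID": e["cveID"], "product": e["product"],
                     "days_left": days_left, "urgency": urgency(days_left),
                     "action": "replace" if eol else "update"})
    return sorted(hits, key=lambda h: (h["days_left"], h["cveID"]))
```

Feeding the real KEV feed's "vulnerabilities" array and your own inventory into triage() gives the same report for every listed product you run.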

In summary, the active exploitation of these vulnerabilities serves as a stark reminder of the importance of maintaining up-to-date systems and promptly addressing known security issues to safeguard against potential cyber threats.