CVE-2020-24363
First published: Mon Aug 31 2020(Updated: )
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TP-Link TL-WA855RE Firmware | =20200415 | |
| TP-Link TL-WA855RE | =v5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-24363?
CVE-2020-24363 is considered to be of medium severity due to its potential for unauthorized access.
How do I fix CVE-2020-24363?
To fix CVE-2020-24363, you should update the firmware of the TP-Link TL-WA855RE to the latest version provided by TP-Link.
Who is affected by CVE-2020-24363?
Devices running the TP-Link TL-WA855RE with firmware version 20200415 are affected by CVE-2020-24363.
What type of attack does CVE-2020-24363 enable?
CVE-2020-24363 enables an unauthenticated attacker on the same network to reset the device and potentially gain inappropriate access.
Can CVE-2020-24363 be exploited remotely?
No, CVE-2020-24363 requires the attacker to be on the same local network as the affected device.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/tp-link
- canonical/tp-link tl-wa855re firmware
- version/tp-link tl-wa855re firmware/20200415
- canonical/tp-link tl-wa855re
- version/tp-link tl-wa855re/v5