CVE-2020-24363

HIGH KEV

TP-Link TL-WA855RE V5 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-24363 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 2, 2025. EIP tracks 1 public exploit from researchers including malwrforensics.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in TP-Link TL-WA855RE V5_200415, allowing an unauthenticated attacker on the same network to reset the device to factory settings via a crafted POST request using the TDDP_RESET code (5).

Description

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

Exploits (1)

exploitdb WORKING POC
by malwrforensics · textwebappshardware
https://www.exploit-db.com/exploits/49092

This exploit demonstrates an authentication bypass vulnerability in TP-Link TL-WA855RE V5_200415, allowing an unauthenticated attacker on the same network to reset the device to factory settings via a crafted POST request using the TDDP_RESET code (5).

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TP-Link TL-WA855RE V5_200415
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.2069
EPSS Percentile 97.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-09-02
VulnCheck KEV 2025-09-02
ENISA EUVD EUVD-2020-17095
CWE
CWE-306
Status published
Products (1)
tp-link/tl-wa855re_firmware < 200731
Published Aug 31, 2020
KEV Added Sep 02, 2025
Tracked Since Feb 18, 2026