The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation.

The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain elevated access to the susceptible device.

"This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot," the agency said. "The attacker can then obtain incorrect access control by setting a new administrative password."

According to malwrforensics , the issue has been fixed with firmware version TL-WA855R

See Full Page