CVE Alert: CVE-2020-24363 – n/a – n/a

CVE-2020-24363

Unknown | Exploitation active

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

CVSS v3.1: not provided
Vendor: n/a
Product: n/a
Versions: n/a
CWE: n/a
Vector: n/a
Published: 2020-08-31T15:49:15.000Z
Updated: 2025-08-30T03:55:36.014Z

AI Summary Analysis

Risk verdict

High risk with active exploitation on local networks; SSVC indicates exploitation is active and can be initiated by an adjacent-network attacker.

Why this matters

An unauthenticated actor on the same LAN can reset the device and change the admin password, effectively turning control over to an attacker. This enables total compromise of the device’s management, potentially allowing persistence and secondary access to other network resources.

Most likely attack path

An attacker connected to the same network sends a TDDP_RESET POST request to the device without any authentication, triggering a factory reset and reboot, and can then set a new administrative password. With Privileges Required: None and User Interaction: None, the attack has a low barrier to success and can be used for immediate control and potential lateral movement within the local network.

Who is most exposed

Commonly deployed in home and small business networks; devices with exposed LAN-side admin interfaces are at higher risk, especially where network segmentation is weak and devices are accessible to any connected user on the local network.

Detection ideas

  • Unusual POST requests to the device’s admin/reset endpoint from non-admin hosts.
  • Sudden changes to administrative credentials or successful login events from unexpected sources.
  • Abnormal reboot/factory-reset sequences detected in device or network logs.
  • Web interface login failures followed by successful password changes.
  • Anomalous traffic to the device’s management port during off-hours.
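
The first three detection ideas can be combined into one correlation rule. The sketch below is an added example, not code from this site or the vendor: it flags a TDDP_RESET POST to an extender that is unauthenticated or comes from a non-admin host, and raises the severity when a password-set request follows within ten minutes. The JSON log schema, the "PASSWORD_SET" label, and all addresses are constructed assumptions.

```python
import json

# Constructed sample events from a hypothetical LAN sensor, one JSON object per
# line. Field names, addresses and the "PASSWORD_SET" label are assumptions.
SAMPLE_LOG = """\
{"ts": 1000, "src": "192.0.2.10", "dst": "192.0.2.250", "method": "POST", "op": "TDDP_RESET", "authenticated": true}
{"ts": 2000, "src": "192.0.2.77", "dst": "192.0.2.250", "method": "POST", "op": "TDDP_RESET", "authenticated": false}
{"ts": 2090, "src": "192.0.2.77", "dst": "192.0.2.250", "method": "POST", "op": "PASSWORD_SET", "authenticated": false}
{"ts": 5000, "src": "192.0.2.42", "dst": "192.0.2.250", "method": "POST", "op": "TDDP_RESET", "authenticated": false}
{"ts": 5100, "src": "192.0.2.42", "dst": "192.0.2.1", "method": "GET", "op": "", "authenticated": false}
not-json: truncated sensor line
"""

EXTENDERS = {"192.0.2.250"}    # management IPs of TL-WA855RE units (assumed)
ADMIN_HOSTS = {"192.0.2.10"}   # hosts allowed to administer them (assumed)
WINDOW = 600                   # seconds to watch for a follow-up password set

def parse(log_text):
    """Parse JSON lines, skipping malformed ones, and sort by timestamp."""
    events = []
    for line in log_text.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return sorted(events, key=lambda e: e.get("ts", 0))

def detect(events):
    """Return one alert per suspicious TDDP_RESET request."""
    alerts = []
    for i, ev in enumerate(events):
        if ev.get("dst") not in EXTENDERS or ev.get("method") != "POST":
            continue
        if "TDDP_RESET" not in ev.get("op", ""):
            continue
        # A reset from a known admin host with a valid session is expected.
        if ev.get("src") in ADMIN_HOSTS and ev.get("authenticated"):
            continue
        # Escalate if a non-admin host sets the password soon after the reset.
        followed = any(
            later.get("dst") == ev["dst"] and later.get("op") == "PASSWORD_SET"
            and later.get("src") not in ADMIN_HOSTS
            and 0 < later["ts"] - ev["ts"] <= WINDOW
            for later in events[i + 1:]
        )
        alerts.append({"ts": ev["ts"], "src": ev["src"], "device": ev["dst"],
                       "severity": "takeover" if followed else "reset-only"})
    return alerts
```
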

Mitigation and prioritisation

  • Apply firmware update that fixes the unauthenticated reset flow; verify the vendor advisory and patch applicability.
  • Disable or tightly restrict the management/reset endpoint from the LAN, or require authentication for reset operations.
  • Deploy network segmentation; limit admin interface exposure to trusted management networks.
  • Enforce strong authentication for admin access and rotate admin credentials; monitor for password-change events.
  • Update change-management processes to track and verify firmware revisions on deployed devices.
