Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Range Extender products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain elevated access to the susceptible device.
The US CISA has added WhatsApp and TP-Link flaws to its Known Exploited Vulnerabilities catalog, highlighting the importance of proactive cybersecurity measures. The addition underscores the need for organizations to review their networks and implement robust security measures to prevent exploitation by malicious actors. The KEV catalog is updated regularly and provides a comprehensive list of known exploited vulnerabilities posing significant risks to federal agencies and other organizations. The CVE-2020-24363 vulnerability in TP-Link products enables unauthenticated attackers to compromise the device, while the CVE-2025-55177 vulnerability in WhatsApp allows attackers to force arbitrary URLs to be rendered on a target's device. CISA has ordered federal agencies to fix identified vulnerabilities by September 23, 2025, emphasizing the importance of proactive measures in addressing cybersecurity threats.
The recent addition of WhatsApp and TP-Link flaws to the United States Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog serves as a stark reminder of the ever-evolving threat landscape in the digital age. This development underscores the importance of proactive measures in addressing cybersecurity vulnerabilities, lest we fall prey to the insidious machinations of malicious actors seeking to exploit our weaknesses.
The KEV catalog, which is updated on a regular basis, provides a comprehensive list of known exploited vulnerabilities that have been identified by CISA as posing significant risks to federal agencies and other organizations. The addition of WhatsApp and TP-Link flaws to this catalog signifies the agency's commitment to ensuring the security of the nation's critical infrastructure.
The CVE-2020-24363 vulnerability in TP-Link TL-WA855RE Wi-Fi extenders is a prime example of the kind of flaw that can have far-reaching consequences. This missing authentication vulnerability, which has been rated at 8.8 on the Common Vulnerability Scoring System (CVSS), enables unauthenticated attackers to factory reset the device and set a new admin password. Given the widespread use of TP-Link products in homes and businesses alike, this vulnerability poses a significant threat to the security of these networks.
The CVE-2025-55177 vulnerability in WhatsApp is another example of the kind of flaw that can be exploited by malicious actors. This incorrect authorization vulnerability allows attackers to force "content from arbitrary URL" to be rendered on a target's device, effectively giving them access to sensitive information. The fact that this vulnerability was recently patched by Apple (CVE-2025-43300) highlights the importance of staying up-to-date with software updates and patches.
The use of zero-click exploits in attacks against WhatsApp is particularly noteworthy. These exploits, which require no user interaction, can compromise devices and data without the victim even realizing it. The fact that attackers are using these exploits to target WhatsApp users underscores the sophistication and resources available to malicious actors.
In response to this development, CISA has issued guidance for federal agencies and other organizations on how to address the identified vulnerabilities in their infrastructure. The agency has ordered federal agencies to fix the vulnerabilities by September 23, 2025, underscoring the importance of proactive measures in addressing cybersecurity threats.
Moreover, experts are recommending that private organizations review the KEV catalog and take steps to address the vulnerabilities in their own networks. This includes implementing robust security measures, such as multi-factor authentication and regular software updates, to prevent exploitation by malicious actors.
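One way to run the catalog review recommended above, as an added example that is not part of the original article: match an asset inventory against KEV entries and rank the hits by remediation deadline. The inventory, host names and helper names are hypothetical; the field names follow CISA's public KEV JSON feed, and a name match only flags a device for a firmware or app version check.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. CVE IDs, products and the
# due date come from the article; the vendorProject strings are sample values.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2020-24363", "vendorProject": "TP-Link",
   "product": "TL-WA855RE", "dueDate": "2025-09-23"},
  {"cveID": "CVE-2025-55177", "vendorProject": "WhatsApp",
   "product": "WhatsApp", "dueDate": "2025-09-23"}
]}
""")

# Hypothetical asset inventory (constructed for this example).
INVENTORY = [
    {"host": "mdm-phone-17", "vendor": "WhatsApp", "product": "whatsapp"},
    {"host": "ap-lobby-01", "vendor": "tp-link", "product": "TL-WA855RE"},
    {"host": "sw-core-01", "vendor": "ExampleCorp", "product": "Switch-X"},
]

def norm(name):
    """Case- and punctuation-insensitive key, so 'tp-link' matches 'TP-Link'."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def kev_findings(kev, inventory, today):
    """Return inventory assets whose vendor/product appears in the KEV data."""
    index = {}
    for vuln in kev["vulnerabilities"]:
        key = (norm(vuln["vendorProject"]), norm(vuln["product"]))
        index.setdefault(key, []).append(vuln)
    findings = []
    for asset in inventory:
        key = (norm(asset["vendor"]), norm(asset["product"]))
        for vuln in index.get(key, []):
            days_left = (date.fromisoformat(vuln["dueDate"]) - today).days
            findings.append({
                "host": asset["host"],
                "cve": vuln["cveID"],
                "due": vuln["dueDate"],
                "days_left": days_left,
                "overdue": days_left < 0,
            })
    # Most urgent first; host name breaks ties for stable output.
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for f in kev_findings(KEV_SAMPLE, INVENTORY, date.today()):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        print(f"{f['host']}: {f['cve']} due {f['due']} ({state})")
```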
In conclusion, the addition of WhatsApp and TP-Link flaws to CISA's KEV catalog serves as a stark reminder of the ever-evolving threat landscape in the digital age. It highlights the importance of proactive measures in addressing cybersecurity vulnerabilities and underscores the need for organizations to stay vigilant in protecting their networks from exploitation by malicious actors.
The U.S. CISA has added WhatsApp and TP-Link flaws to its Known Exploited Vulnerabilities catalog, underscoring the importance of proactive cybersecurity measures in protecting against evolving threats. The addition highlights the need for organizations to review their networks and implement robust security measures to prevent exploitation by malicious actors.
Related Information:
https://www.ethicalhackingnews.com/articles/The-US-CISA-Adds-WhatsApp-and-TP-Link-Flaws-to-Its-Known-Exploited-Vulnerabilities-Catalog-A-Cautionary-Tale-of-Cybersecurity-ehn.shtml
https://securityaffairs.com/181863/hacking/u-s-cisa-adds-whatsapp-and-tp-link-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://thehackernews.com/2025/09/cisa-adds-tp-link-and-whatsapp-flaws-to.html
Published: Wed Sep 3 08:38:30 2025 by llama3.2 3B Q4_K_M