The TP-Link and WhatsApp vulnerabilities exploited by hackers have drawn urgent attention from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Both flaws were added to the Known Exploited Vulnerabilities catalog after reports of active attacks. Federal agencies must address the risks by September 23, 2025.
TP-Link Vulnerability
The TP-Link flaw (CVE-2020-24363, CVSS 8.8) affects TL-WA855RE V5 Wi-Fi extenders. Hackers can exploit the bug to perform a factory reset, reboot devices, and set new admin passwords. With control over the extender, attackers could pivot into larger networks.
TP-Link released a patch in firmware update TL-WA855RE(EU)_V5_200731. However, the device may now be end-of-life, meaning it no longer receives security updates. CISA recommends replacing vulnerable units to ensure continued protection.
WhatsApp Zero-Click Attack
The second flaw (CVE-2025-55177) involves incorrect authorization of linked-device synchronization messages in WhatsApp. Attackers can send malicious content from arbitrary URLs, launching zero-click spyware attacks that require no user interaction.
WhatsApp confirmed the issue, notified affected users, and released an update to close the gap. The attack highlights how popular communication apps remain high-value targets for cybercriminals.
Why These Flaws Matter
The vulnerabilities reveal two growing challenges: insecure network hardware and stealthy spyware tactics. Outdated consumer devices often become easy entry points, while zero-click exploits bypass traditional defenses. Together, these weaknesses threaten both enterprise and personal security.
CISA’s decision to add these flaws to the KEV catalog underscores the danger. Agencies must patch, replace, or disable impacted systems before the deadline. Private users should also update or replace devices immediately.
Conclusion
The TP-Link and WhatsApp vulnerabilities exploited by hackers show how cyber threats continue to evolve. From outdated Wi-Fi extenders to zero-click spyware, attackers adapt to bypass defenses. Rapid patching, hardware replacement, and vigilance remain critical for securing both government and consumer systems.
0 responses to “TP-Link and WhatsApp Vulnerabilities Exploited by Hackers”