Overview
- On September 4, CISA added TP-Link router flaws CVE-2023-50224 (credential disclosure via auth bypass) and CVE-2025-9377 (OS command injection) to the Known Exploited Vulnerabilities catalog with a September 24 remediation deadline for federal agencies.
- TP-Link advisories link in-the-wild router exploitation to the Quad7 (CovertNetwork-1658) botnet, reportedly leveraged by the China-linked actor Storm-0940. Researchers note that the two TP-Link bugs can be chained for remote code execution and proxy operations.
- On September 3, CISA listed TP-Link TL-WA855RE extender bug CVE-2020-24363 and WhatsApp authorization issue CVE-2025-55177 as actively exploited, setting a September 23 deadline for mitigation.
- WhatsApp said fewer than 200 users received in-app warnings tied to a targeted spyware campaign that chained CVE-2025-55177 with Apple’s zero-click OS flaw CVE-2025-43300, and both vendors have issued updates.
- TP-Link states that several affected routers are end-of-life with limited support, despite firmware updates issued in November 2024. A separate CWMP buffer overflow zero-day is under investigation and currently lacks global patches; users are urged to harden configurations and update firmware.