
"The Cybersecurity & Infrastructure Security Agency (CISA) has announced the addition of two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These were added due to evidence of active exploitation and are frequent attack vectors for malicious actors. CISA believes these flaws present a notable risk to the federal enterprise. The vulnerabilities are: CVE-2020-24363, a TP-Link TL-WA855RE Missing Authentication for Critical Function Flaw; CVE-2025-55177, a Meta Platforms WhatsApp Incorrect Authorization Flaw"
"In the companies I've worked with, it's rarely a topic because enterprise-grade wireless solutions already solve for coverage. The real issue is our workforce. Employees working from home often turn to consumer extenders as a cheap and easy way to fix Wi-Fi dead zones. The problem is these devices usually ship with weak security, rarely get patched, and most users don't think to replace them until they see a tangible benefit (speed, easier management, etc.)."
"That's how EoL gear ends up staying in circulation long after the vendor stops providing fixes. From a corporate standpoint, if I ever found extenders in the office, that would be a red flag. There are practical ways to check for this - scanning for TP-Link MAC OUIs and unusual SSIDs, pulling DHCP lease tables, or enabling rogue AP detection. More importantly, we need clear communication:"
CISA added two vulnerabilities to the Known Exploited Vulnerabilities Catalog after evidence of active exploitation and frequent use by malicious actors. The identified flaws are CVE-2020-24363, a missing-authentication-for-critical-function flaw in the TP-Link TL-WA855RE range extender, and CVE-2025-55177, an incorrect-authorization flaw in Meta Platforms' WhatsApp. CISA assesses that these vulnerabilities present a notable risk to the federal enterprise. Security leaders warn that consumer-grade and end-of-life extenders amplify exposure because they ship with weak security and rarely receive patches, so they stay in circulation long after vendor fixes stop. Recommended mitigations include detection (MAC OUI scans, SSID monitoring, DHCP lease reviews, rogue AP detection), policy enforcement, and clear employee communication.
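The detection step above (reviewing DHCP lease tables for TP-Link MAC OUIs and extender-like names) can be scripted. The following is an added example, not code from the article or from CISA: it parses a dnsmasq-style lease file, normalises MAC addresses, flags entries whose OUI is on a vendor watchlist or whose hostname looks like a consumer extender, and notes where a randomised (locally administered) MAC makes OUI matching useless. The OUI values and the name patterns are illustrative assumptions and should be refreshed from the IEEE OUI registry and your own inventory before use; the lease lines are constructed sample input.

```python
"""Flag likely consumer Wi-Fi extenders in a DHCP lease table (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# ASSUMPTION: illustrative OUI watchlist. Replace with entries pulled from the
# IEEE OUI registry (https://standards-oui.ieee.org/) for the vendors you care about.
OUI_WATCHLIST = {
    "50:C7:BF": "TP-Link",
    "F4:F2:6D": "TP-Link",
    "C0:25:E9": "TP-Link",
}

# ASSUMPTION: illustrative hostname / SSID substrings seen on consumer extenders.
NAME_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"tp-?link", r"extender", r"repeater", r"\bRE\d{3}\b", r"\bWA\d{3}\b")
]

# Constructed sample input in dnsmasq.leases format:
# "<expiry-epoch> <mac> <ip> <hostname> <client-id>"
SAMPLE_LEASES = """\
1735689600 50:c7:bf:12:34:56 192.168.1.50 TP-Link_Extender_1234 01:50:c7:bf:12:34:56
1735689600 3c:22:fb:aa:bb:cc 192.168.1.51 alices-macbook *
1735689600 f4-f2-6d-01-02-03 192.168.1.52 RE305 *
1735689600 da:11:22:33:44:55 192.168.1.53 android-phone *
1735689600 00:11:22:33:44:55 192.168.1.54 homeoffice-repeater *
"""


@dataclass
class Lease:
    mac: str
    ip: str
    hostname: str


@dataclass
class Finding:
    mac: str
    ip: str
    hostname: str
    reasons: list[str] = field(default_factory=list)
    oui_usable: bool = True


def normalize_mac(raw: str) -> str:
    """Accept aa:bb:.., aa-bb-.., aabb.ccdd.eeff or bare hex; return AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means a randomised / locally administered MAC,
    so the OUI does not identify a vendor."""
    return int(mac.split(":")[0], 16) & 0x02 != 0


def parse_dnsmasq_leases(text: str) -> list[Lease]:
    """Parse dnsmasq lease lines; '*' means dnsmasq recorded no hostname."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        hostname = "" if parts[3] == "*" else parts[3]
        leases.append(Lease(mac=normalize_mac(parts[1]), ip=parts[2], hostname=hostname))
    return leases


def flag_leases(leases: list[Lease]) -> list[Finding]:
    """Return one Finding per lease that matches the OUI watchlist or a name pattern."""
    findings = []
    for lease in leases:
        f = Finding(lease.mac, lease.ip, lease.hostname)
        if is_locally_administered(lease.mac):
            f.oui_usable = False  # fall back to hostname / 802.1X identity for this one
        else:
            vendor = OUI_WATCHLIST.get(lease.mac[:8])
            if vendor:
                f.reasons.append(f"OUI {lease.mac[:8]} belongs to {vendor}")
        if lease.hostname and any(p.search(lease.hostname) for p in NAME_PATTERNS):
            f.reasons.append(f"hostname {lease.hostname!r} matches an extender pattern")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in flag_leases(parse_dnsmasq_leases(SAMPLE_LEASES)):
        print(f"{f.ip:15} {f.mac}  {f.hostname or '<no hostname>'}")
        for r in f.reasons:
            print(f"    - {r}")
```

Point the parser at `/var/lib/misc/dnsmasq.leases` (or export your DHCP server's lease table in the same whitespace-separated shape) instead of the constructed sample. Two caveats from practice: OUI matching only works on globally administered MACs, which is why randomised addresses are marked `oui_usable=False` rather than silently ignored, and a hostname match is a lead, not proof; confirm with the wireless controller's rogue AP view or a look at the device's management page before treating it as an extender.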
#cisa-kev #tp-link-tl-wa855re #whatsapp-authorization-flaw #consumer-extenders #vulnerability-management
Read at Securitymagazine