Affected Product: TP-Link TL-WA855RE
Version: tested on TL-WA855RE(EU)_V5_200415 (possible earlier versions too)
Description: TP-Link TL-WA855RE V5 20200415-rel37464 d
evices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain full access to the device by setting a new administrative password.
Problem Type: Unauthenticated access to admin functionality.
By default the web interface requires users to log in in order to access the admin interface. However, an attacker can bypass it and use the APIs provided to send the TDDP_RESET code which doesn’t have any authentication.
The issue has been fixed with TL-WA855RE(EU)_V5_200731, and users are urged to update their devices. The new firmware update is available here (https://www.tp-link.com/en/support/download/tl-wa855re/#Firmware).