현재 자주 악용되고 있는 취약점 목록으로, 취약한 버전의 SW를 사용 중인 경우 긴급 패치를 권고 드립니다. * 참조 링크 : https://www.cisa.gov/known-exploited-vulnerabilities-catalog| cveID | vendorProject | vulnerabilityName | dateAdded | shortDescription | requiredAction | dueDate |
|---|
| CVE-2025-55177 | Meta Platforms | Meta Platforms WhatsApp Incorrect Authorization Vulnerability | 2025-09-02 | Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2025-09-23 |
|---|
| CVE-2020-24363 | TP-Link | TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability | 2025-09-02 | TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2025-09-23 |
|---|
|
|
로그인
보안공지