CVE-2025-13399

HIGH

VX800v v1.0 - Info Disclosure

Title source: llm

Description

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

References (2)

[Various Sources] https://www.tp-link.com/de/support/download/vx800v/#Firmware

[Various Sources] https://www.tp-link.com/us/support/faq/4930/

Scores

CVSS v3 8.8

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-331

Status published

Products (1)

tp-link/vx800v_firmware < 800.0.11

Published Jan 29, 2026

Tracked Since Feb 18, 2026