CVE-2025-14175

MEDIUM

TP-Link TL-WR820N v2.80 - Info Disclosure

Title source: llm

Description

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality.

Exploits (1)

nomisec WRITEUP

by CyberVinner · poc

https://github.com/CyberVinner/TP-Link-TL-WR820N-CVE-2025-14175

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.tp-link.com/en/support/download/tl-wr820n/#Firmware

[Various Sources] https://www.tp-link.com/in/support/download/tl-wr820n/#Firmware

[Various Sources] https://www.tp-link.com/us/support/faq/4861/

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-327

Status published

Products (1)

tp-link/tl-wr820n_firmware < 1.15.0

Published Dec 29, 2025

Tracked Since Feb 18, 2026