CVE-2025-15541

MEDIUM

VX800v v1.0 - Path Traversal

Title source: llm

Description

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

References (2)

[Various Sources] https://www.tp-link.com/de/support/download/vx800v/#Firmware

[Various Sources] https://www.tp-link.com/us/support/faq/4930/

Scores

CVSS v3 6.3

EPSS 0.0001

EPSS Percentile 1.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-59

Status published

Products (1)

tp-link/vx800v_firmware < 800.0.11

Published Jan 29, 2026

Tracked Since Feb 18, 2026