CVE-2025-15548

MEDIUM

VX800v v1.0 - Info Disclosure

Title source: llm

Description

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.

References (2)

[Various Sources] https://www.tp-link.com/de/support/download/vx800v/#Firmware

[Various Sources] https://www.tp-link.com/us/support/faq/4930/

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 0.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

tp-link/vx800v_firmware < 800.0.18

Published Jan 29, 2026

Tracked Since Feb 18, 2026