CVE-2025-13399 | THREATINT

Description

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

PUBLISHED Reserved 2025-11-19 | Published 2026-01-29 | Updated 2026-01-30 | Assigner TPLink

HIGH: 7.7CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-331 Insufficient Entropy

Product status

Default status

unaffected

Any version before 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)

affected

References

www.tp-link.com/de/support/download/vx800v/ patch

www.tp-link.com/us/support/faq/4930/ vendor-advisory

cve.org (CVE-2025-13399)

nvd.nist.gov (CVE-2025-13399)

Download JSON