Home

Description

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality.

PUBLISHED Reserved 2025-12-06 | Published 2025-12-29 | Updated 2025-12-29 | Assigner TPLink




MEDIUM: 6.0CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Product status

Default status
unaffected

Any version before 1.15.0 Build 250813
affected

Credits

Vishwa V; Sathya Priya. S; Cybersecurity Lab, SRM Institute of Science and Technology, Ramapuram, Chennai, Tamil Nadu, India. vishwaofficials@gmail.com; sathyapriya80@gmail.com finder

References

www.tp-link.com/en/support/download/tl-wr820n/ patch

www.tp-link.com/in/support/download/tl-wr820n/ patch

www.tp-link.com/us/support/faq/4861/ vendor-advisory

cve.org (CVE-2025-14175)

nvd.nist.gov (CVE-2025-14175)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.