CVE-2025-15548 | THREATINT

Description

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.

PUBLISHED Reserved 2026-01-26 | Published 2026-01-29 | Updated 2026-02-13 | Assigner TPLink

MEDIUM: 5.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-311 Missing Encryption of Sensitive Data

Product status

Default status

unaffected

Any version before 800.0.18_0.18.0 3.0.0 v603c.0 Build 260203 Rel.35251n

affected

References

www.tp-link.com/de/support/download/vx800v/ patch

www.tp-link.com/us/support/faq/4930/ vendor-advisory

cve.org (CVE-2025-15548)

nvd.nist.gov (CVE-2025-15548)

Download JSON