CVE-2025-15541
6.9
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | VX800v v1.0 | 0 < 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702) | affected |
Weaknesses
- CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.tp-link.com/de/support/download/vx800v/#Firmware
- https://www.tp-link.com/us/support/faq/4930/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.