CVE-2025-15548

Summary

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.VX800v v1.00 < 800.0.18_0.18.0 3.0.0 v603c.0 Build 260203 Rel.35251naffected

Weaknesses

  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References