CVE-2025-13399

EPSS 0.01%
Veröffentlicht 29.01.2026 18:05:28
Zuletzt bearbeitet 09.03.2026 17:51:35
Quelle f23511db-6c3e-4e32-a477-6aa17d
CVE-Watchlists
Login
Unerledigt
Login

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Vx800v Firmware Version < 800.0.11

Tp-link ≫ Vx800v Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
f23511db-6c3e-4e32-a477-6aa17d310630	7.7	0	0	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

https://www.tp-link.com/de/support/download/vx800v/#Firmware

Product

https://www.tp-link.com/us/support/faq/4930/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-13399

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13399

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13399

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-13399