Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

VX800v v1.0

Source -

CNA

CNA CVEs -

5

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2025-15548
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.49%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 18:07
Updated-13 Feb, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Application-Layer Encryption in Web Interface Endpoints on TP-Link VX800v

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-VX800v v1.0
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2025-15543
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.51%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 18:06
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Read-Only Root Access via USB Storage Device in TP-Link VX800v

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-VX800v v1.0
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-15542
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.30%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 18:06
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS) of VoIP Communication on TP-Link VX800v

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-VX800v v1.0
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-15541
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 18:05
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Access to System Files via SFTP on TP-Link VX800v

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-VX800v v1.0
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-13399
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-7.7||HIGH
EPSS-0.01% / 0.66%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 18:05
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Encryption in Communication with the Web Interface on TP-Link VX800v

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-VX800v v1.0
CWE ID-CWE-331
Insufficient Entropy