CVE-2025-13399

UNKNOWN 0.0

Insecure Encryption in Communication with the Web Interface on TP-Link VX800v

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

CWE	CWE-331
Vendor	tp-link systems inc.
Product	vx800v v1.0
Published	Jan 29, 2026
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. vx800v v1.0

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. vx800v v1.0 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TP-Link Systems Inc. / VX800v v1.0

0 < 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tp-link.com: https://www.tp-link.com/de/support/download/vx800v/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/4930/