QwikSec

Security Database

CVE

CWE

Training

CVE-2025-13399

Published: Jan 29, 2026

Modified: Feb 26, 2026

PUBLISHED

Description

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

Vendor	Product	Versions
TP-Link Systems Inc.	VX800v v1.0	affected `0 - < 800.0.11 (0.11.0 3.0.0 v603c.0 Build 250702)`

Weaknesses (CWE)

References

https://www.tp-link.com/de/support/download/vx800v/#Firmware

patch

https://www.tp-link.com/us/support/faq/4930/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.