How to fix CVE-2025-13399?

Within 24 hours: Inventory all Vx800V devices in production and assess their exposure; establish incident response readiness. Within 7 days: Implement network segmentation to isolate affected devices, disable non-essential features if possible, and establish enhanced monitoring for suspicious activity. Within 30 days: Work with the vendor for patch availability; evaluate replacement equipment or alternative solutions if no patch timeline is provided.

Is Vx800v Firmware affected by CVE-2025-13399?

CVE-2025-13399 is a HIGH severity vulnerability affecting Vx800V firmware with no available patch, creating significant risk to the confidentiality, integrity, and availability of data transmitted through affected devices.

CVE-2025-13399

HIGH

2026-01-29 f23511db-6c3e-4e32-a477-6aa17d310630

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 29, 2026 - 19:16 nvd

HIGH 8.8

Description

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

Analysis

Vx800V Firmware contains a vulnerability that allows attackers to high impact to confidentiality, integrity, and availability of transmitted data (CVSS 8.8).

Technical Context

exists in the web component. A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

Affected Products

Vendor: Tp-Link. Product: Vx800V Firmware. Component: web.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

CVE-2025-13399 vulnerability details – vuln.today

Back

CVE-2025-13399

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-13399

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code