Vx800v Firmware
CVE-2025-13399
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.
AnalysisAI
Vx800V Firmware contains a vulnerability that allows attackers to high impact to confidentiality, integrity, and availability of transmitted data (CVSS 8.8).
Technical ContextAI
exists in the web component. A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.
RemediationAI
Monitor vendor advisories for a patch.
More in Vx800v Firmware
View allSome VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem co
Same weakness CWE-331 – Insufficient Entropy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today