CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.tp-link.com/de/support/download/vx800v/#Firmware	Product
https://www.tp-link.com/us/support/faq/4930/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tp-link:vx800v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:vx800v:1.0:*:*:*:*:*:*:*

History

09 Mar 2026, 17:52

Type	Values Removed	Values Added
Summary		(es) Resolución de enlaces incorrecta en la ruta de acceso HTTP USB en VX800v v1.0 permite que un dispositivo USB manipulado exponga el contenido del sistema de archivos raíz, dando a un atacante con acceso físico acceso de solo lectura a los archivos del sistema.
References	~~() https://www.tp-link.com/de/support/download/vx800v/#Firmware -~~	() https://www.tp-link.com/de/support/download/vx800v/#Firmware - Product
References	~~() https://www.tp-link.com/us/support/faq/4930/ -~~	() https://www.tp-link.com/us/support/faq/4930/ - Vendor Advisory
First Time		Tp-link Tp-link vx800v Firmware Tp-link vx800v
CPE		cpe:2.3:o:tp-link:vx800v_firmware:::::::: cpe:2.3:h:tp-link:vx800v:1.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.6

29 Jan 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-29 19:16

Updated : 2026-03-09 17:52

NVD link : CVE-2025-15543

Mitre link : CVE-2025-15543

CVE.ORG link : CVE-2025-15543

JSON object : View

Products Affected

tp-link

vx800v
vx800v_firmware

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2025-15543", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}], "cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-29T19:16:11.490", "references": [{"url": "https://www.tp-link.com/de/support/download/vx800v/#Firmware", "tags": ["Product"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/4930/", "tags": ["Vendor Advisory"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read\u2011only access to system files."}, {"lang": "es", "value": "Resoluci\u00f3n de enlaces incorrecta en la ruta de acceso HTTP USB en VX800v v1.0 permite que un dispositivo USB manipulado exponga el contenido del sistema de archivos ra\u00edz, dando a un atacante con acceso f\u00edsico acceso de solo lectura a los archivos del sistema."}], "lastModified": "2026-03-09T17:52:47.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:vx800v_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D323DA3B-C62D-433E-980E-78A9C575D676", "versionEndExcluding": "800.0.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:vx800v:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10362289-8BD9-4B51-A347-6E4DA2BC6507"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}