CVE-2025-15542
Unknown Unknown - Not Provided

Denial of Service via SIP INVITE Flood in VX800v v

Vulnerability report for CVE-2025-15542, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-29

Last updated on: 2026-03-09

Assigner: TPLink

Description

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-29
Last Modified
2026-03-09
Generated
2026-07-06
AI Q&A
2026-01-29
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tp-link vx800v_firmware to 800.0.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is due to improper handling of exceptional conditions in the VX800v v1.0 device during SIP processing. An attacker can exploit this by sending a large number of specially crafted INVITE messages, which floods the device and blocks all voice lines, resulting in a denial of service for incoming calls.

Impact Analysis

The impact of this vulnerability is a denial of service on the VX800v v1.0 device's incoming calls. Attackers can flood the device with crafted INVITE messages, causing all voice lines to be blocked and preventing legitimate incoming calls from being received.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15542. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart