CVE-2025-15542
Unknown Unknown - Not Provided
Denial of Service via SIP INVITE Flood in VX800v v

Publication date: 2026-01-29

Last updated on: 2026-03-09

Assigner: TPLink

Description
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15542
EUVD
EUVD-2025-206533
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tp-link vx800v_firmware to 800.0.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is due to improper handling of exceptional conditions in the VX800v v1.0 device during SIP processing. An attacker can exploit this by sending a large number of specially crafted INVITE messages, which floods the device and blocks all voice lines, resulting in a denial of service for incoming calls.

Impact Analysis

The impact of this vulnerability is a denial of service on the VX800v v1.0 device's incoming calls. Attackers can flood the device with crafted INVITE messages, causing all voice lines to be blocked and preventing legitimate incoming calls from being received.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15542. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart