CVE-2025-15543
Improper Link Resolution in VX800v USB Allows Root Filesystem Exposure
Publication date: 2026-01-29
Last updated on: 2026-03-09
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | vx800v_firmware | to 800.0.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper link resolution issue in the USB HTTP access path of VX800v version 1.0. It allows a specially crafted USB device, when physically connected to the system, to expose the root filesystem contents. This means an attacker with physical access can gain read-only access to system files.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with physical access to your device to read sensitive system files without authorization. This could lead to information disclosure and potential further exploitation depending on the contents of the exposed files.