CVE-2025-14175

Weak Algorithm Support in SSH Server on TL-WR820N

CVSS 6 MEDIUMEPSS 0.3%CWE-327

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6EPSS 0.3%KEV nãoPoC —Patch referenciado

Lifecycle

29 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality.

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

TP-Link Systems Inc. · TL-WR820N v2.8

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tp-link.com/en/support/download/tl-wr820n/#Firmware https://www.tp-link.com/in/support/download/tl-wr820n/#Firmware https://www.tp-link.com/us/support/faq/4861/