Weak Cryptographic Algorithm in TP-Link TL-WR820N SSH Server
CVE-2025-14175

6MEDIUM

Key Information:

Vendor: Tp-link Systems Inc.
Status: Tl-wr820n V2.8
Vendor: CVE Published:; 29 December 2025

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2025-14175?

A vulnerability in the SSH server of TP-Link TL-WR820N version 2.80 enables the use of weak cryptographic algorithms, allowing an adjacent attacker to potentially intercept and decrypt SSH traffic. This exploitation could lead to unauthorized access to sensitive information, ultimately compromising the confidentiality of communications. Users are advised to update their firmware to mitigate this risk.

Affected Version(s)

TL-WR820N v2.8 0 < 1.15.0 Build 250813

References

https://www.tp-link.com/en/support/download/tl-wr820n/#Fi...

patch

https://www.tp-link.com/in/support/download/tl-wr820n/#Fi...

patch

https://www.tp-link.com/us/support/faq/4861/

vendor-advisory

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 29, 2025
Vulnerability Reserved
Dec 6, 2025

Credit

Vishwa V; Sathya Priya. S; Cybersecurity Lab, SRM Institute of Science and Technology, Ramapuram, Chennai, Tamil Nadu, India. vishwaofficials@gmail.com; sathyapriya80@gmail.com

JSON