Description
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
CVSS Metrics
- Vector
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- passive
- Confidentiality
- undefined
- Integrity
- undefined
- Availability
- undefined
- Weaknesses
- CWE-295
Metadata
- Primary Vendor
- TP-LINK
- Published
- 2/13/2026
- Last Modified
- 4/1/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
tp-link : aginettp-link : decotp-link : festatp-link : kasatp-link : kidshieldtp-link : omadatp-link : omada_guardtp-link : tapotp-link : tethertp-link : tp-partnertp-link : tpcameratp-link : vigitp-link : wi-fi_navitp-link : wifi_toolkit
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.