CVE-2025-9293
Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
Affected products
TP Link Systems Inc. · Omada App
TP-Link Systems Inc. · Aginet App
TP-Link Systems Inc. · Deco App
TP-Link Systems Inc. · Festa App
TP-Link Systems Inc. · Kasa App
TP-Link Systems Inc. · KidShield
TP-Link Systems Inc. · Omada Guard
TP-Link Systems Inc. · Tapo App
TP-Link Systems Inc. · Tether App
TP-Link Systems Inc. · tpCamera App
TP-Link Systems Inc. · TP-Partner App
TP-Link Systems Inc. · VIGI App
TP-Link Systems Inc. · Wi-Fi Navi
TP-Link Systems Inc. · WiFi Toolkit