High severity8.1NVD Advisory· Published Feb 13, 2026· Updated Apr 1, 2026

CVE-2025-9293

Description

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

Affected products

TP-Link/Aginet
cpe:2.3:a:tp-link:aginet:*:*:*:*:*:*:*:*
Range: <2.13.6
TP-Link/Deco
cpe:2.3:a:tp-link:deco:*:*:*:*:*:*:*:*
Range: <3.9.163
TP-Link/Festa
cpe:2.3:a:tp-link:festa:*:*:*:*:*:*:*:*
Range: <1.7.1
TP-Link/Kasa
cpe:2.3:a:tp-link:kasa:*:*:*:*:*:*:*:*
Range: <3.4.350
TP-Link/Kidshield
cpe:2.3:a:tp-link:kidshield:*:*:*:*:*:*:*:*
Range: <1.1.21
TP-Link/Omada
cpe:2.3:a:tp-link:omada:*:*:*:*:*:*:*:*
Range: <4.25.25
TP-Link/Omada Guard
cpe:2.3:a:tp-link:omada_guard:*:*:*:*:*:*:*:*
Range: <1.1.28
TP-Link/Tapo
cpe:2.3:a:tp-link:tapo:*:*:*:*:*:*:*:*
Range: <3.14.111
TP-Link/Tether
cpe:2.3:a:tp-link:tether:*:*:*:*:*:*:*:*
Range: <4.12.27
TP-Link/Tpcamera
cpe:2.3:a:tp-link:tpcamera:*:*:*:*:*:*:*:*
Range: <3.2.17
TP-Link/Tp Partner
cpe:2.3:a:tp-link:tp-partner:*:*:*:*:*:*:*:*
Range: <2.0.1
TP-Link/Vigi
cpe:2.3:a:tp-link:vigi:*:*:*:*:*:*:*:*
Range: <2.7.70
TP-Link/Wi Fi Navi
cpe:2.3:a:tp-link:wi-fi_navi:*:*:*:*:*:*:*:*
Range: <1.5.5
TP-Link/Wifi Toolkit
cpe:2.3:a:tp-link:wifi_toolkit:*:*:*:*:*:*:*:*
Range: <1.4.28

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.omadanetworks.com/us/support/faq/4969/nvdVendor Advisory
www.tp-link.com/us/support/faq/4969/nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000