ID

VAR-202602-4112


CVE

CVE-2025-9293


TITLE

Certificate validation vulnerabilities in multiple TP-LINK Technologies products, including Aginet

Trust: 0.8

sources: JVNDB: JVNDB-2026-009888

DESCRIPTION

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-9293 // JVNDB: JVNDB-2026-009888

AFFECTED PRODUCTS

vendor: tp link, model: kidshield, scope: lt, version: 1.1.21

Trust: 1.0

vendor: tp link, model: wifi toolkit, scope: lt, version: 1.4.28

Trust: 1.0

vendor: tp link, model: deco, scope: lt, version: 3.9.163

Trust: 1.0

vendor: tp link, model: aginet, scope: lt, version: 2.13.6

Trust: 1.0

vendor: tp link, model: vigi, scope: lt, version: 2.7.70

Trust: 1.0

vendor: tp link, model: omada guard, scope: lt, version: 1.1.28

Trust: 1.0

vendor: tp link, model: kasa, scope: lt, version: 3.4.350

Trust: 1.0

vendor: tp link, model: tapo, scope: lt, version: 3.14.111

Trust: 1.0

vendor: tp link, model: wi-fi navi, scope: lt, version: 1.5.5

Trust: 1.0

vendor: tp link, model: omada, scope: lt, version: 4.25.25

Trust: 1.0

vendor: tp link, model: festa, scope: lt, version: 1.7.1

Trust: 1.0

vendor: tp link, model: tether, scope: lt, version: 4.12.27

Trust: 1.0

vendor: tp link, model: tp-partner, scope: lt, version: 2.0.1

Trust: 1.0

vendor: tp link, model: tpcamera, scope: lt, version: 3.2.17

Trust: 1.0

vendor: tp link, model: deco, scope: -, version: -

Trust: 0.8

vendor: tp link, model: vigi, scope: -, version: -

Trust: 0.8

vendor: tp link, model: tether, scope: -, version: -

Trust: 0.8

vendor: tp link, model: tpcamera, scope: -, version: -

Trust: 0.8

vendor: tp link, model: omada guard, scope: -, version: -

Trust: 0.8

vendor: tp link, model: aginet, scope: -, version: -

Trust: 0.8

vendor: tp link, model: wi-fi navi, scope: -, version: -

Trust: 0.8

vendor: tp link, model: tapo, scope: -, version: -

Trust: 0.8

vendor: tp link, model: omada, scope: -, version: -

Trust: 0.8

vendor: tp link, model: wi-fi toolkit, scope: -, version: -

Trust: 0.8

vendor: tp link, model: kidshield, scope: -, version: -

Trust: 0.8

vendor: tp link, model: kasa, scope: -, version: -

Trust: 0.8

vendor: tp link, model: tp-partner, scope: -, version: -

Trust: 0.8

vendor: tp link, model: festa, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-009888 // NVD: CVE-2025-9293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-9293
value: HIGH

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2025-9293
value: HIGH

Trust: 1.0

NVD: CVE-2025-9293
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2025-9293
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-9293
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-009888 // NVD: CVE-2025-9293 // NVD: CVE-2025-9293

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.0

problemtype: Illegal certificate verification (CWE-295) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-009888 // NVD: CVE-2025-9293

PATCH

title: Security Advisory on Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers and Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception (CVE-2025-9292 and CVE-2 TP-Link
url: https://www.omadanetworks.com/us/support/faq/4969/

Trust: 0.8

sources: JVNDB: JVNDB-2026-009888

EXTERNAL IDS

db: NVD, id: CVE-2025-9293

Trust: 2.6

db: JVNDB, id: JVNDB-2026-009888

Trust: 0.8

sources: JVNDB: JVNDB-2026-009888 // NVD: CVE-2025-9293

REFERENCES

url: https://www.tp-link.com/us/support/faq/4969/

Trust: 1.0

url: https://www.omadanetworks.com/us/support/faq/4969/

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-9293

Trust: 0.8

sources: JVNDB: JVNDB-2026-009888 // NVD: CVE-2025-9293

SOURCES

db: JVNDB, id: JVNDB-2026-009888
db: NVD, id: CVE-2025-9293

LAST UPDATE DATE

2026-04-05T23:32:32.855000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-009888, date: 2026-04-03T02:20:00
db: NVD, id: CVE-2025-9293, date: 2026-04-01T20:49:52.653

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-009888, date: 2026-04-03T00:00:00
db: NVD, id: CVE-2025-9293, date: 2026-02-13T02:16:46.523