Description
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.
References (5)
Core 5
Core References
Various Sources
https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/tree/master/2025/PANW-2025-0004
Various Sources patch
https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware
Various Sources patch
https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware
Various Sources patch
https://www.tp-link.com/jp/support/download/archer-axe75/v1/#Firmware
Various Sources vendor-advisory
https://www.tp-link.com/phppage/preview.php?url=https://www.tp-link.com/en/support/faq/4881/
Scores
CVSS v3
7.3
EPSS
0.0002
EPSS Percentile
5.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
tp-link/archer_axe75_firmware
< 1.3.2
Published
Jan 09, 2026
Tracked Since
Feb 18, 2026