CVE-2026-0620

Archer AXE75 V1 - Info Disclosure

Title source: llm

Description

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.

References (3)

[Various Sources] https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware

[Various Sources] https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware

[Various Sources] https://www.tp-link.com/us/support/faq/4942/

Scores

EPSS 0.0006

EPSS Percentile 17.5%

Classification

CWE

CWE-693

Status draft

Timeline

Published Feb 03, 2026

Tracked Since Feb 18, 2026