CVE-2026-0620
6
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | AXE75 | 0 < <1.5.1 Build 20251202 | affected |
Weaknesses
- CWE-693: CWE-693 Protection Mechanism Failure
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware
- https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware
- https://www.tp-link.com/us/support/faq/4942/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.