CVE-2026-0620

Vulnerability Description

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.

Vulnerability Details

Published Date

February 03, 2026

Last Modified

February 04, 2026

CWE ID

CWE-693

Source

NVD

External References

https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware
https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware
https://www.tp-link.com/us/support/faq/4942/

CVE-2026-0620

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment