CVE-2026-0620

Vulnerability Description

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.

Related Weaknesses (CWE)

CWE-693

References

https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware
https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware
https://www.tp-link.com/us/support/faq/4942/

FAQ

What is CVE-2026-0620?

CVE-2026-0620 is a documented vulnerability. When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing...

How severe is CVE-2026-0620?

CVSS scoring is not yet available for CVE-2026-0620. Check NVD for updates.

Is there a patch for CVE-2026-0620?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.