Description
When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled.  This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.
Published: 2026-02-03
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Loss of confidentiality due to unencrypted L2TP traffic
Action: Apply Firmware
AI Analysis

Impact

When configured as an L2TP/IPSec VPN server, the Archer AXE75 V1 router can unintentionally accept L2TP connections that lack IPSec encryption, even when the IPSec layer is enabled. This defect allows an attacker to establish a VPN tunnel that is not protected by encryption, exposing all data that traverses the tunnel and compromising confidentiality. The failure to enforce the security configuration is identified as CWE‑693, improper control of privileged functions.

Affected Systems

TP‑Link Systems Inc.’s Archer AXE75 V1 router model serves as the affected product; no other models or firmware versions are listed in the CVE data.

Risk and Exploitability

The CVSS score of 6.0 indicates a moderate impact, while the EPSS score of less than 1% suggests a very low probability of exploitation at the time of this assessment, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote VPN client connecting to the router to establish an L2TP session that bypasses IPSec protection. An attacker can use a standard L2TP client to open an unencrypted tunnel, exploiting the firmware’s failure to enforce the IPSec layer without needing special privileges on the router.

Generated by OpenCVE AI on April 18, 2026 at 14:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware from TP‑Link for the Archer AXE75 V1 router.
  • Configure the VPN settings to enforce IPSec, ensuring L2TP‑only connections are blocked.
  • Regularly monitor TP‑Link’s support site for new firmware releases or security advisories and apply updates promptly.

Generated by OpenCVE AI on April 18, 2026 at 14:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link axe75
Vendors & Products Tp-link
Tp-link axe75

Tue, 03 Feb 2026 18:30:00 +0000

Type Values Removed Values Added
Description When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled.  This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.
Title L2TP over IPSec Encryption Failure on ArcherAXE75
Weaknesses CWE-693
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Axe75
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-02-04T20:46:15.816Z

Reserved: 2026-01-05T19:17:01.519Z

Link: CVE-2026-0620

cve-icon Vulnrichment

Updated: 2026-02-04T20:46:10.241Z

cve-icon NVD

Status : Deferred

Published: 2026-02-03T19:16:15.580

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0620

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:15:04Z

Weaknesses