L2TP over IPSec Encryption Failure on ArcherAXE75_CVE-2026-0620

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.

Basic Information

ID CVE-2026-0620

Source TPLink

Published Feb 3, 2026 at 18:05

Affected Product

Vendor TP-Link Systems Inc.

Product AXE75

Affected Versions TP-Link Systems Inc. AXE75 0

CWE Classification

CWE-693

References

{
    "lastseen": "",
    "description": "When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled.\u00a0\u00a0This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.",
    "published": "2026-02-03T18:05:44.077Z",
    "modified": "2026-02-03T18:05:44.077Z",
    "type": "cve",
    "title": "L2TP over IPSec Encryption Failure on ArcherAXE75",
    "source": "TPLink",
    "references": "https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware\nhttps://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware\nhttps://www.tp-link.com/us/support/faq/4942/",
    "id": "CVE-2026-0620",
    "bulletinFamily": "",
    "cwe": [
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. AXE75 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AXE75",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}