CVE-2026-0620
L2TP Without IPSec Encryption Vulnerability in Archer AXE75 VPN
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: TPLink
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_axe75 | versions before 1.5.1_build_20251202 (upper bound excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-0620 vulnerability affects the TP-Link Archer AXE75 V1 router when it is configured as an L2TP/IPSec VPN server. The device may accept VPN connections using L2TP without IPSec encryption, even if IPSec is enabled. This means that VPN sessions can occur without encryption, exposing the data transmitted over the VPN and compromising its confidentiality.
How can this vulnerability impact me?
This vulnerability can impact you by allowing VPN sessions to be established without encryption, which exposes data transmitted over the VPN to potential interception or eavesdropping. As a result, sensitive information sent through the VPN could be compromised, leading to loss of confidentiality and increased risk of data breaches.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-0620 vulnerability on the TP-Link Archer AXE75 V1 router, you should update the device firmware to the latest version, specifically version 1.5.1 Build 20251202 or later.
Updating the firmware enforces the use of IPSec for VPN connections, preventing the device from accepting unencrypted L2TP connections and thus protecting the confidentiality of data transmitted over the VPN.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.
Such exposure of data in transit can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and confidentiality during transmission.
Failure to update the device firmware and mitigate this vulnerability may result in violations of these regulations due to insufficient data protection.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when the TP-Link Archer AXE75 V1 router accepts L2TP VPN connections without IPSec encryption, even if IPSec is enabled. To detect this on your network, monitor VPN connection attempts and check whether any L2TP sessions are established without IPSec protection.

One approach is to capture and analyze network traffic on the VPN server interface to identify L2TP packets that are not encapsulated within IPSec. Tools like tcpdump or Wireshark can be used for this purpose. Because a correctly established L2TP/IPSec session carries the L2TP traffic inside ESP, any L2TP packets that appear in the clear on the wire belong to an unprotected session.

Example commands to detect unencrypted L2TP VPN connections:

- Using tcpdump to capture L2TP traffic without IPSec: `tcpdump -i <interface> udp port 1701`
- Using Wireshark to filter L2TP traffic: apply the display filter `l2tp` and check whether the matching packets are not encapsulated in the ESP (IPSec) protocol.

If you observe L2TP traffic without accompanying IPSec ESP packets, unencrypted VPN sessions are occurring and the vulnerability is present. [1]
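The correlation described above, as an added example that is not part of the CVE record or TP-Link's software: it groups captured packets by peer pair and separates peers whose L2TP is visible in the clear from peers that only exchanged IKE/ESP. The packet tuples are constructed inline; in practice they would come from a capture library reading the tcpdump output.

```python
# Added example: audit a capture from the VPN server interface for L2TP
# sessions that are not protected by IPsec. Packets are modelled as
# (src_ip, dst_ip, ip_proto, dst_port) tuples and constructed below.
PROTO_UDP, PROTO_ESP = 17, 50
L2TP_PORT, IKE_PORT, NAT_T_PORT = 1701, 500, 4500


def peer_pair(a, b):
    """Order-independent key so both directions of a flow land together."""
    return tuple(sorted((a, b)))


def audit_l2tp(packets):
    """Return {peer_pair: verdict} for every pair seen doing L2TP or IPsec.

    'ipsec_only' : only IKE/ESP (or NAT-T on UDP/4500) seen; any L2TP is
                   inside ESP, which is the expected picture
    'UNENCRYPTED': L2TP (UDP/1701) in the clear and no IPsec at all
    'FALLBACK'   : IPsec was negotiated yet L2TP still appears in the clear,
                   the behaviour CVE-2026-0620 describes
    """
    clear_l2tp, ipsec = set(), set()
    for src, dst, proto, dport in packets:
        key = peer_pair(src, dst)
        if proto == PROTO_ESP or (proto == PROTO_UDP and dport in (IKE_PORT, NAT_T_PORT)):
            ipsec.add(key)
        elif proto == PROTO_UDP and dport == L2TP_PORT:
            clear_l2tp.add(key)
    report = {}
    for key in clear_l2tp | ipsec:
        if key in clear_l2tp:
            report[key] = "FALLBACK" if key in ipsec else "UNENCRYPTED"
        else:
            report[key] = "ipsec_only"
    return report


ROUTER = "203.0.113.1"  # constructed address of the VPN server
SAMPLE = [  # constructed capture, not real traffic
    ("10.0.0.5", ROUTER, PROTO_UDP, IKE_PORT),        # client A: IKE ...
    (ROUTER, "10.0.0.5", PROTO_UDP, IKE_PORT),
    ("10.0.0.5", ROUTER, PROTO_ESP, 0),               # ... then L2TP inside ESP
    ("198.51.100.7", ROUTER, PROTO_UDP, L2TP_PORT),   # client B: plaintext L2TP only
    ("192.0.2.9", ROUTER, PROTO_UDP, IKE_PORT),       # client C: IKE, then
    ("192.0.2.9", ROUTER, PROTO_UDP, L2TP_PORT),      # plaintext L2TP anyway
]

if __name__ == "__main__":
    for pair, verdict in sorted(audit_l2tp(SAMPLE).items()):
        print(f"{pair[0]} <-> {pair[1]}: {verdict}")
```

Only peers tagged UNENCRYPTED or FALLBACK need follow-up; the FALLBACK case is the one the firmware update closes.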