CVE-2026-0620
📋 TL;DR
The Archer AXE75 V1 router may accept L2TP VPN connections without IPSec encryption even when IPSec is enabled, allowing unencrypted VPN sessions. This exposes transmitted data to interception, compromising confidentiality. Only users of this specific router model configured as an L2TP/IPSec VPN server are affected.
💻 Affected Systems
- TP-Link Archer AXE75 V1
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept all VPN traffic, stealing sensitive data like credentials, financial information, and proprietary business data transmitted over the VPN.
Likely Case
Unauthorized parties monitor unencrypted VPN sessions, capturing login credentials and sensitive communications.
If Mitigated
With proper network segmentation and monitoring, impact is limited to potential data exposure from intercepted sessions.
🎯 Exploit Status
Exploitation requires network access to the VPN server but no authentication. Attackers can establish L2TP connections without IPSec if the vulnerability is present.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor firmware updates
Vendor Advisory: https://www.tp-link.com/us/support/faq/4942/
Restart Required: Yes
Instructions:
1. Access router admin interface
2. Navigate to firmware update section
3. Download latest firmware from TP-Link support page
4. Upload and install firmware
5. Reboot router
🔧 Temporary Workarounds
Disable L2TP/IPSec VPN server
Temporarily disable the VPN server functionality until patched
Use alternative VPN protocol
Configure the router to use OpenVPN or WireGuard instead of L2TP/IPSec
🧯 If You Can't Patch
- Disable the VPN server entirely and use alternative VPN solutions
- Implement network monitoring to detect unencrypted VPN connections
🔍 How to Verify
Check if Vulnerable:
Attempt to establish an L2TP connection to the VPN server without IPSec. If the connection succeeds, the device is vulnerable.
Check Version:
Check the firmware version in the router admin interface under System Tools > Firmware Upgrade
Verify Fix Applied:
After updating the firmware, an L2TP connection attempt without IPSec should fail. Verify that IPSec is properly enforcing encryption.
📡 Detection & Monitoring
Log Indicators:
- L2TP connection attempts without corresponding IPSec logs
- VPN session establishment without encryption handshake
Network Indicators:
- Unencrypted L2TP traffic on port 1701
- L2TP packets without ESP/AH encapsulation
SIEM Query:
source="router" AND (event="L2TP_connection" AND NOT event="IPSec_established")
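The network indicators above can be turned into a check over exported flow records. The following is an added example, not code from the advisory or from TP-Link; the record layout, the server address and the sample flows are constructed. With L2TP/IPSec enforced, UDP/1701 only travels inside ESP (protocol 50, or UDP/4500 with NAT-T), so any cleartext UDP/1701 toward the VPN server is a session IPSec did not protect.

```python
# Added example (not from the advisory): flag L2TP sessions that reach the
# VPN server outside of IPSec, using flow records such as a NetFlow or
# Zeek conn.log export. Field layout and sample records are constructed.

L2TP_PORT = 1701            # L2TP control/data channel (UDP)
IKE_PORTS = {500, 4500}     # IKE and NAT-T (ESP encapsulated in UDP)
UDP = 17                    # IP protocol number for UDP
ESP = 50                    # IP protocol number for ESP (L2TP rides inside)

# Constructed flow records: (src_ip, dst_ip, ip_proto, dst_port)
# dst_port is None for protocols without ports (e.g. ESP).
SAMPLE_FLOWS = [
    ("203.0.113.10", "192.0.2.1", UDP, 500),       # IKE negotiation
    ("203.0.113.10", "192.0.2.1", ESP, None),      # ESP: L2TP not visible in clear
    ("203.0.113.20", "192.0.2.1", UDP, 1701),      # cleartext L2TP, no IKE at all
    ("203.0.113.30", "192.0.2.1", UDP, 500),       # IKE attempted...
    ("203.0.113.30", "192.0.2.1", UDP, 1701),      # ...but L2TP still sent in the clear
]


def find_unencrypted_l2tp(flows, server_ip):
    """Return {client_ip: reason} for clients that sent cleartext L2TP
    (UDP/1701) to server_ip. A client is reported whether or not it also
    ran an IKE exchange; the reason string distinguishes the two cases."""
    ike_peers = set()
    cleartext_l2tp = set()
    for src, dst, proto, dport in flows:
        if dst != server_ip or proto != UDP:
            continue
        if dport in IKE_PORTS:
            ike_peers.add(src)
        elif dport == L2TP_PORT:
            cleartext_l2tp.add(src)
    findings = {}
    for client in sorted(cleartext_l2tp):
        if client in ike_peers:
            findings[client] = "L2TP in the clear despite IKE exchange (IPSec not enforced)"
        else:
            findings[client] = "L2TP in the clear with no IKE exchange at all"
    return findings


if __name__ == "__main__":
    for client, reason in find_unencrypted_l2tp(SAMPLE_FLOWS, "192.0.2.1").items():
        print(f"{client}: {reason}")
```

Peers that only show IKE plus ESP (like 203.0.113.10 in the sample) are not reported, which is the expected picture once the firmware fix is applied.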