Primary

Context

TP-Link Archer AXE75 Improper Input Validation Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Patched

A vulnerability in the TP-Link Archer AXE75 router, specifically in version 1.6 prior to build 20250107, has been identified. This vulnerability arises from improper input validation in the VPN modules, allowing an authenticated adjacent attacker to delete arbitrary files from the server. The exploitation of this vulnerability could lead to the loss of critical system files, disrupting services or degrading functionality.

Impact

Exploitation of this vulnerability could result in the unauthorized deletion of server files, potentially including important system or configuration files. This could cause a loss of system integrity and lead to service interruptions or degraded performance.

Remediation

Users are advised to update to the latest firmware version. The patched version is Archer AXE75 V1.5.1 Build 20251202, available on the TP-Link support page for the Archer AXE75.

Added: Jan 9, 2026, 5:33 PM

Updated: Jan 9, 2026, 5:33 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

3.5

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

3.5

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Archer AXE75 Improper Input Validation Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Remediation

Affected Products

TP-Link Archer AXE75

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating