Primary

Context

TP-Link Archer AXE75 L2TP/IPSec VPN Encryption Vulnerability

Vulnerability

Patched

A vulnerability exists in the TP-Link Archer AXE75 V1 router when it is configured as an L2TP/IPSec VPN server. The router may accept L2TP connections without IPSec encryption, even if IPSec is enabled. This flaw can lead to unencrypted VPN sessions, exposing data in transit and compromising confidentiality.

Impact

The vulnerability allows for unencrypted VPN sessions, exposing data in transit and compromising confidentiality.

Remediation

Users are advised to update to the latest firmware version, specifically version 1.5.1 Build 20251202 or later, and to ensure that IPSec is enforced after updating.

Added: Feb 3, 2026, 7:38 PM

Updated: Feb 3, 2026, 7:38 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.9

remediation

8.3

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.9

remediation

8.3

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Archer AXE75 L2TP/IPSec VPN Encryption Vulnerability

Vulnerability

Impact

Remediation

Affected Products

TP-Link Archer AXE75

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating