Tp-Link: >> Archer Axe75 Firmware >> 1.1.8 Security Vulnerabilities
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device.
This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107.
CVSS Score
8.5
EPSS Score
0.002
Published
2026-03-09
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-01-09
Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-01-11
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-01-11