This page lists publicly disclosed CVE vulnerabilities affecting tp-link archer_axe75_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-15568 | A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107. | f23511db-6c3e-4e32-a477-6aa17d310630 | 8.5 | 0.17% | 2026-03-09 | 2026-05-06 |
| CVE-2025-15035 | Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107. | f23511db-6c3e-4e32-a477-6aa17d310630 | 6.9 | 0.03% | 2026-01-09 | 2026-03-09 |
| CVE-2024-21833 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. | [email protected] | 8.8 | 0.18% | 2024-01-11 | 2025-06-16 |
| CVE-2024-21821 | Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | [email protected] | 8.0 | 0.10% | 2024-01-11 | 2025-06-17 |