@SmellMyFeet 

Same router here.

The A20 V3 uses different internal chipsets and maybe other parts. Still basically the same router as the V1.

I don't see TP-Link releasing many f/w updates for any router it seems. I had Netgear before and they seemed to drop f/w for routers quite often, and one line in the new f/w was always 'security fixes'. Never understood why Netgear had some many of these 'fixes' either.

If you go to the D/L page for the A20 V3 (https://www.tp-link.com/us/support/download/archer-a20/#Firmware) you'll see it has not had a f/w update in over a year too. One day later than the V1.0 update was released.

I think the REAL question to ask is 'Why no Security fixes released'

This site sort of tracks them, https://routersecurity.org/bugs.php, and TP-Link routers are listed.

This site keeps a LIST of CVE's, https://www.cvedetails.com/vulnerability-list/vendor_id-11936/Tp-link.html, and for Archer A20, this is the list of 2 CVE's, https://www.cvedetails.com/google-search-results.php?q=archer+a20&sa=Search but those two are a long list and hard to tell if it is 'new' or not in the currect F/W.

Maybe someone from TP-Link can address this for you though.

@SmellMyFeet 

When a device is EoL there likely will not be any "features" added like say OneMesh to an EoL router. However, anything related to security is something that should be brought to our security team's attention, that is evaluated and patched if needed. For example, when the KRACK issue came out all our older devices received fixes.

Here is where you can reach out to our team to bring that up and forward any feedback: https://www.tp-link.com/us/press/security-advisory/