An
unauthenticated URL redirection vulnerability has been identified in Archer
AX20 V2 due to improper validation of user-supplied URL input within the web
interface. An unauthenticated attacker
can craft URLs containing URL-encoded path traversal sequences.
When
processed by the embedded web server, these inputs may cause the device to
respond with HTTP 3xx redirects to attacker-controlled external domains.
This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.
Metrics
Affected Vendors & Products
References
History
Tue, 30 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains. This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829. | |
| Title | Unauthenticated Open Redirect Vulnerability on TP-Link Archer AX20 Web Interface | |
| Weaknesses | CWE-601 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-06-30T20:34:43.577Z
Reserved: 2026-06-01T15:52:40.939Z
Link: CVE-2026-10562
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-30T22:30:06Z