Back to CVE List

CVE-2026-10562

Vulnerability Description

An
unauthenticated URL redirection vulnerability has been identified in Archer
AX20 V2 due to improper validation of user-supplied URL input within the web
interface.  An unauthenticated attacker
can craft URLs containing URL-encoded path traversal sequences.





When
processed by the embedded web server, these inputs may cause the device to
respond with HTTP 3xx redirects to attacker-controlled external domains.



This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-601
Source
NVD
Vendor
TP-Link Systems Inc.
Product
Archer AX20 V2.0

External References

Discussion (0)

Add Comment

No comments yet. Be the first!