CVE-2026-10562 PUBLISHED

Unauthenticated Open Redirect Vulnerability on TP-Link Archer AX20 Web Interface

Assigner: TPLink
Reserved: 01.06.2026 Published: 30.06.2026 Updated: 30.06.2026

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences.

When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains.

This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.
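
Added example (not part of the advisory or of any vendor code): a log check for the response pattern described above, a 3xx reply to a request whose path hides traversal sequences behind URL encoding and whose Location header names a different host. The record layout, the sample records and the function names are assumptions; the advisory does not give a request format.

```python
from urllib.parse import unquote, urlsplit

# Constructed records: (request Host, raw request path, status, Location).
# Values are illustrative only and are not taken from the advisory.
SAMPLE = [
    ("192.168.0.1", "/webpages/login.html", 200, ""),
    ("192.168.0.1", "/", 302, "http://192.168.0.1/webpages/login.html"),
    ("192.168.0.1", "/%2e%2e/%2e%2e/x", 302, "//external.example/"),
    ("192.168.0.1:80", "/%252e%252e/x", 301, "https://external.example/x"),
    ("192.168.0.1", "/a/%2e%2e/b", 302, "/b"),
]

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_encoded_traversal(raw_path):
    """True when a '..' segment is present and encoding was involved."""
    decoded = fully_decode(raw_path).replace("\\", "/")
    return decoded != raw_path and ".." in decoded.split("/")

def redirect_leaves_host(request_host, location):
    """True when Location names a host other than the one requested."""
    own = urlsplit("//" + request_host).hostname  # drops any :port
    target = urlsplit(location.replace("\\", "/")).hostname
    return target is not None and target != own

def find_suspect_redirects(records):
    """Return (path, location) for 3xx replies matching both conditions."""
    hits = []
    for host, path, status, location in records:
        if (300 <= status < 400 and has_encoded_traversal(path)
                and redirect_leaves_host(host, location)):
            hits.append((path, location))
    return hits

if __name__ == "__main__":
    for path, location in find_suspect_redirects(SAMPLE):
        print(f"suspect redirect: {path} -> {location}")
```

The same-host redirect in the last sample record is left alone on purpose: encoded traversal alone is common scanner noise, and the off-host Location is what marks the open redirect.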

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 5.9

Product Status

Vendor TP-Link Systems Inc.
Product Archer AX20 V2.0
Versions Default: unaffected
  • affected from 0 to V2_260527 (excl.)

Credits

  • VeyselXan (Cyb3rLynx) finder

References

Problem Types

  • CWE-601 URL redirection to untrusted site ('open redirect')

Impacts

  • CAPEC-194 Fake the Source of Data