Description
An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains.

This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.
Published: 2026-06-30
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated open-redirect flaw exists in the Archer AX20 V2 web interface because user-supplied URLs are not validated adequately. An attacker can craft a request containing a URL-encoded path traversal sequence that causes the router to issue an HTTP 3xx redirect to a domain of the attacker's choosing. A user who follows such a link while interacting with the router's interface can be sent to a phishing or otherwise malicious site, exposing any credentials entered there or enabling session hijacking. The weakness is a classic CWE-601 flaw: redirection to an arbitrary external resource.
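As an added illustration of the CWE-601 mitigation (this is not TP-Link's firmware code; the function names and the allowed-host set are assumptions), a redirect-target validator that fully percent-decodes the value before checking it, which is exactly the step an encoded traversal sequence is designed to slip past, and then only ever returns a same-origin path:

```python
from urllib.parse import unquote, urlsplit

# Constructed for this example: hosts the management UI legitimately answers on.
ALLOWED_HOSTS = {"192.168.0.1", "tplinkwifi.net"}


def percent_decode_fully(value: str, max_rounds: int = 3) -> str:
    """Decode nested percent-encoding (e.g. %252e%252e -> ..) until it is stable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return value  # may still be encoded after max_rounds; caller re-checks


def safe_redirect_target(raw: str, request_host: str) -> str:
    """Return a same-origin path derived from `raw`, or '/' if `raw` is unsafe.

    Rejects the patterns behind this advisory: encoded traversal segments,
    absolute or protocol-relative URLs to other hosts, and backslash/CR/LF
    tricks that some servers normalise into a separator. Validation runs on
    the fully decoded value, never on the raw encoded string.
    """
    candidate = percent_decode_fully(raw)
    if percent_decode_fully(candidate) != candidate:
        return "/"  # still decoding after the round limit: treat as hostile
    if any(ch in candidate for ch in "\\\r\n\0"):
        return "/"
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return "/"  # e.g. malformed IPv6 bracket syntax
    if parts.scheme or parts.netloc:
        # Absolute or //host form: only allow it if it points back at us.
        host = parts.hostname or ""
        if host != request_host and host not in ALLOWED_HOSTS:
            return "/"
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return "/"
    # After decoding, any '..' or '.' segment is traversal; drop the request.
    if any(seg in ("..", ".") for seg in path.split("/")):
        return "/"
    return path + ("?" + parts.query if parts.query else "")
```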

Affected Systems

The vulnerability affects TP‑Link Archer AX20 devices running firmware version V2.0 through V2.1.9 Build 20230829. Only the identified firmware range is impacted; newer releases after this build are not known to be affected.

Risk and Exploitability

The CVSS v4.0 score of 5.9 indicates moderate severity. No EPSS information is available, and the vulnerability is not listed in CISA KEV, suggesting no known widespread exploitation. The attack needs no authentication but does require user interaction: a victim must follow a manipulated link before the redirect fires. The probability of accidental exploitation is therefore low, but the impact on users who do click is real. Network operators should treat this as a moderate risk that can be mitigated by patching or by access controls on the management interface.

Generated by OpenCVE AI on June 30, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Archer AX20 firmware to the latest release that fixes the open‑redirect issue
  • Restrict access to the router’s management interface to trusted IP ranges or disable remote management if not needed
  • Configure a web filtering or firewall rule to block unexpected HTTP 3xx redirects to external domains


Tracking


Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

Type: Description
  Values Removed: (empty)
  Values Added: An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains. This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.

Type: Title
  Values Removed: (empty)
  Values Added: Unauthenticated Open Redirect Vulnerability on TP-Link Archer AX20 Web Interface

Type: Weaknesses
  Values Removed: (empty)
  Values Added: CWE-601

Type: References
  Values Removed: (empty)
  Values Added: (empty)

Type: Metrics
  Values Removed: (empty)
  Values Added: cvssV4_0 {'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-06-30T20:34:43.577Z

Reserved: 2026-06-01T15:52:40.939Z

Link: CVE-2026-10562

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z

Weaknesses
  • CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')