Archer Ax20 V2 0
Monthly
Open redirect in the TP-Link Archer AX20 V2 embedded web server allows unauthenticated attackers to craft URLs containing URL-encoded path traversal sequences that cause the device to issue HTTP 3xx redirects toward attacker-controlled external domains. All firmware versions through 2.1.9 Build 20230829 on the V2.0 hardware revision are confirmed affected per TP-Link's own advisory and CPE data. No public exploit identified at time of analysis, and a vendor-released patch is available; active exploitation has not been confirmed by CISA KEV.
Open redirect in the TP-Link Archer AX20 V2 embedded web server allows unauthenticated attackers to craft URLs containing URL-encoded path traversal sequences that cause the device to issue HTTP 3xx redirects toward attacker-controlled external domains. All firmware versions through 2.1.9 Build 20230829 on the V2.0 hardware revision are confirmed affected per TP-Link's own advisory and CPE data. No public exploit identified at time of analysis, and a vendor-released patch is available; active exploitation has not been confirmed by CISA KEV.