Skip to main content

Archer Ax20 V2 0

1 CVEs product

Monthly

CVE-2026-10562 MEDIUM PATCH This Month

Open redirect in the TP-Link Archer AX20 V2 embedded web server allows unauthenticated attackers to craft URLs containing URL-encoded path traversal sequences that cause the device to issue HTTP 3xx redirects toward attacker-controlled external domains. All firmware versions through 2.1.9 Build 20230829 on the V2.0 hardware revision are confirmed affected per TP-Link's own advisory and CPE data. No public exploit identified at time of analysis, and a vendor-released patch is available; active exploitation has not been confirmed by CISA KEV.

Path Traversal Open Redirect Archer Ax20 V2 0
NVD
CVSS 4.0
5.9
EPSS
0.3%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Open redirect in the TP-Link Archer AX20 V2 embedded web server allows unauthenticated attackers to craft URLs containing URL-encoded path traversal sequences that cause the device to issue HTTP 3xx redirects toward attacker-controlled external domains. All firmware versions through 2.1.9 Build 20230829 on the V2.0 hardware revision are confirmed affected per TP-Link's own advisory and CPE data. No public exploit identified at time of analysis, and a vendor-released patch is available; active exploitation has not been confirmed by CISA KEV.

Path Traversal Open Redirect Archer Ax20 V2 0
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy