CVE-2026-10562

EUVD-2026-40410
An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences.

When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains.



This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.
Open Redirect
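
A detection sketch for the behaviour described above, added here as an example and not taken from the advisory or the vendor: it flags logged requests whose target contains percent-encoded traversal segments and whose response is a 3xx redirect to a different host. The record layout, the sample records, the hostnames and the function names are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample records (not real device traffic):
# (request Host header, raw request target, response status, Location header)
SAMPLE_LOG = [
    ("192.168.0.1", "/index.html", 200, None),
    ("192.168.0.1", "/login", 302, "/home"),
    ("192.168.0.1", "/%2e%2e%2f%2e%2e%2fx", 302, "http://redirect.example.net/"),
    ("192.168.0.1", "/a/%252e%252e/b", 301, "//redirect.example.net/b"),
    ("192.168.0.1", "/old", 301, "http://192.168.0.1/new"),
]

# A ".." path segment delimited by "/" or "\" (or the ends of the string).
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)")

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_encoded_traversal(target):
    """True when decoding changes the path and reveals a '..' segment."""
    path = target.split("?", 1)[0]
    decoded = fully_decode(path)
    return decoded != path and bool(TRAVERSAL.search(decoded))

def is_external_redirect(host, status, location):
    """True for a 3xx response whose Location names a host other than the one requested."""
    if not (300 <= status < 400) or not location:
        return False
    target_host = urlsplit(location).hostname  # None for relative locations
    return target_host is not None and target_host != host.split(":")[0].lower()

def suspicious(records):
    """Indices of records that combine encoded traversal with an off-host redirect."""
    return [i for i, (host, target, status, loc) in enumerate(records)
            if has_encoded_traversal(target) and is_external_redirect(host, status, loc)]

if __name__ == "__main__":
    for i in suspicious(SAMPLE_LOG):
        print("flagged:", SAMPLE_LOG[i])
```

Scheme-relative Location values such as `//host/path` are treated as external, and the host comparison assumes an IPv4 address or hostname in the Host header.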
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | UNKNOWN | ---