MEDIUM

CVE-2026-10562

CWE-601 · Published: June 30, 2026 · Updated: Jul 2, 2026

5.9
CVSS v3.1

Official Description

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains.

This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.

NVD Source

Technical Analysis

CVE-2026-10562 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

Exploitation does not require any privileges, though user interaction (A) is needed, which slightly reduces the risk of mass automated attacks.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Network
Attack Complexity: Low
Privileges Req.: None
User Interaction: A
Scope: X
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-10562
CVSS Score: 5.9 / 10
Severity: MEDIUM
Weakness: CWE-601
CISA KEV: No
Published: Jun 30, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-10562 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.