Home

Description

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).

PUBLISHED Reserved 2026-03-06 | Published 2026-03-26 | Updated 2026-03-27 | Assigner TPLink




HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-125 Out-of-bounds read

Product status

Default status
unaffected

Any version before 0.9.1 4.19
affected

Credits

Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany finder

References

www.tp-link.com/en/support/download/tl-wr841n/v14/ patch

www.tp-link.com/us/support/download/tl-wr841n/v14/ patch

www.tp-link.com/us/support/faq/5033/ vendor-advisory

cve.org (CVE-2026-3622)

nvd.nist.gov (CVE-2026-3622)

Download JSON