CVE-2026-3622 PUBLISHED

Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N

Assigner: TPLink
Reserved: 06.03.2026 Published: 26.03.2026 Updated: 26.03.2026

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service.

Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.  This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.1

Product Status

Vendor TP-Link Systems Inc.
Product TL-WR841N v14
Versions Default: unaffected
  • affected from 0 to 0.9.1 4.19 (excl.)

Credits

  • Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany finder

References

Problem Types

  • CWE-125 Out-of-bounds read CWE

Impacts

  • CAPEC-540 Overread Buffers