{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3622", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2026-03-06T00:09:48.566Z", "datePublished": "2026-03-26T20:34:36.490Z", "dateUpdated": "2026-03-26T20:34:36.490Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-03-26T20:34:36.490Z"}, "title": "Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "TL-WR841N v14", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "0.9.1 4.19", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\nThis vulnerability affects TL-WR841N v14\u00a0< EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0< US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n<br>Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.&nbsp;<br><div>This vulnerability affects TL-WR841N v14&nbsp;<span>&lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and&nbsp;</span><span>&lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).</span></div>"}]}], "references": [{"url": "https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/faq/5033/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\nThis vulnerability affects TL-WR841N v14\u00a0< EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0< US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304)."}], "id": "CVE-2026-3622", "lastModified": "2026-03-26T21:17:09.697", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2026-03-26T21:17:09.697", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/faq/5033/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.9.1 4.19)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "TL-WR841N v14", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "tl-wr841n_v14", "vendor": "tp-link"}], "analysis": {"en": {"generated_at": "2026-03-26T22:25:34.198622+00:00", "value": {"mitigation_remediation": ["Update the TL\u2011WR841N firmware to the latest v14 release that addresses the UPnP crash issue;", "If a firmware update is not possible, disable the UPnP feature in the router\u2019s settings to eliminate the attack surface;", "Monitor router logs for repeated UPnP service crashes as an indicator of attempted exploitation;", "Consider replacing the router with a newer model that has an updated UPnP implementation if the firmware cannot be upgraded."], "summary": {"action": "Immediate Patch", "impact": "Denial-of-Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects TP\u2011Link Systems Inc. TL\u2011WR841N routers running firmware v14, specifically builds earlier than EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and earlier than US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304). Any device with these firmware versions is susceptible.", "description_and_impact": "Improper input validation in the UPnP component of the TL\u2011WR841N v14 firmware allows an attacker to send a crafted packet that causes an out\u2011of\u2011bounds read, leading the UPnP service to crash. The crash results in a denial of service condition for the UPnP service, disrupting network functions that rely on it. The weakness corresponds to CWE-125, an out\u2011of\u2011bounds read scenario.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a moderate to high impact, with no credential or privilege escalation required beyond network access to the router. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the attack is straightforward: an attacker sending malformed UPnP traffic can trigger the crash. Consequently, the risk is significant for environments relying on continuous UPnp service availability."}}}}, "created": "2026-03-27T08:32:01.418029+00:00", "updated": "2026-03-27T09:23:29.389707+00:00", "vendors": ["tp-link", "tp-link$PRODUCT$tl-wr841n_v14"]}