CVE-2026-3622 (GCVE-0-2026-3622)
Vulnerability from cvelistv5 – Published: 2026-03-26 20:34 – Updated: 2026-03-27 19:39
VLAI?
Title
Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N
Summary
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service.
Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.
This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).
Severity ?
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | TL-WR841N v14 |
Affected:
0 , < 0.9.1 4.19
(custom)
|
Credits
Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T19:28:42.478378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:39:21.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "TL-WR841N v14",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "0.9.1 4.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\u003cbr\u003eSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u0026nbsp;\u003cbr\u003e\u003cdiv\u003eThis vulnerability affects TL-WR841N v14\u0026nbsp;\u003cspan\u003e\u0026lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u0026nbsp;\u003c/span\u003e\u003cspan\u003e\u0026lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\nThis vulnerability affects TL-WR841N v14\u00a0\u003c EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0\u003c US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304)."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T20:34:36.490Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware"
},
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5033/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service Vulnerability in UPnP Component of TP Link\u0027s TL-WR841N",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-3622",
"datePublished": "2026-03-26T20:34:36.490Z",
"dateReserved": "2026-03-06T00:09:48.566Z",
"dateUpdated": "2026-03-27T19:39:21.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-3622",
"date": "2026-04-17",
"epss": "0.00046",
"percentile": "0.13935"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-3622\",\"sourceIdentifier\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"published\":\"2026-03-26T21:17:09.697\",\"lastModified\":\"2026-03-31T19:09:04.387\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \\n\\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\\nThis vulnerability affects TL-WR841N v14\u00a0\u003c EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0\u003c US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad existe en el componente UPnP del TL-WR841N v14, donde una validaci\u00f3n de entrada incorrecta conduce a una lectura fuera de l\u00edmites, lo que podr\u00eda causar una ca\u00edda del servicio UPnP.\\n\\nUna explotaci\u00f3n exitosa puede provocar la ca\u00edda del servicio UPnP, lo que resulta en una condici\u00f3n de Denegaci\u00f3n de Servicio.\\nEsta vulnerabilidad afecta a TL-WR841N v14 \u0026lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) y \u0026lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.9.1_4.19\",\"matchCriteriaId\":\"B8FFCB9A-B16E-496A-A213-2886E262CFDC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tp-link:tl-wr841n:14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D74FA034-63F6-4F9E-BC24-364B94732E29\"}]}]}],\"references\":[{\"url\":\"https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware\",\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"tags\":[\"Product\"]},{\"url\":\"https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware\",\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"tags\":[\"Product\"]},{\"url\":\"https://www.tp-link.com/us/support/faq/5033/\",\"source\":\"f23511db-6c3e-4e32-a477-6aa17d310630\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-3622\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T19:28:42.478378Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-27T19:30:53.009Z\"}}], \"cna\": {\"title\": \"Denial-of-Service Vulnerability in UPnP Component of TP Link\u0027s TL-WR841N\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany\"}], \"impacts\": [{\"capecId\": \"CAPEC-540\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-540 Overread Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TP-Link Systems Inc.\", \"product\": \"TL-WR841N v14\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.9.1 4.19\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.tp-link.com/us/support/faq/5033/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \\n\\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\\u00a0\\nThis vulnerability affects TL-WR841N v14\\u00a0\u003c EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\\u00a0\u003c US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \\n\u003cbr\u003eSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u0026nbsp;\u003cbr\u003e\u003cdiv\u003eThis vulnerability affects TL-WR841N v14\u0026nbsp;\u003cspan\u003e\u0026lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u0026nbsp;\u003c/span\u003e\u003cspan\u003e\u0026lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).\u003c/span\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds read\"}]}], \"providerMetadata\": {\"orgId\": \"f23511db-6c3e-4e32-a477-6aa17d310630\", \"shortName\": \"TPLink\", \"dateUpdated\": \"2026-03-26T20:34:36.490Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-3622\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T19:39:21.225Z\", \"dateReserved\": \"2026-03-06T00:09:48.566Z\", \"assignerOrgId\": \"f23511db-6c3e-4e32-a477-6aa17d310630\", \"datePublished\": \"2026-03-26T20:34:36.490Z\", \"assignerShortName\": \"TPLink\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…