{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3622", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2026-03-06T00:09:48.566Z", "datePublished": "2026-03-26T20:34:36.490Z", "dateUpdated": "2026-03-27T19:39:21.225Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-03-26T20:34:36.490Z"}, "title": "Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "TL-WR841N v14", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "0.9.1 4.19", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\nThis vulnerability affects TL-WR841N v14\u00a0< EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0< US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n<br>Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.&nbsp;<br><div>This vulnerability affects TL-WR841N v14&nbsp;<span>&lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and&nbsp;</span><span>&lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).</span></div>"}]}], "references": [{"url": "https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/faq/5033/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T19:28:42.478378Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:39:21.225Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T19:28:42.478378Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:30:53.009Z"}}], "cna": {"title": "Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany"}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "TL-WR841N v14", "versions": [{"status": "affected", "version": "0", "lessThan": "0.9.1 4.19", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/faq/5033/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\nThis vulnerability affects TL-WR841N v14\u00a0< EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0< US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).", "supportingMedia": [{"type": "text/html", "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n<br>Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.&nbsp;<br><div>This vulnerability affects TL-WR841N v14&nbsp;<span>&lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and&nbsp;</span><span>&lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).</span></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-03-26T20:34:36.490Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3622", "state": "PUBLISHED", "dateUpdated": "2026-03-27T19:39:21.225Z", "dateReserved": "2026-03-06T00:09:48.566Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2026-03-26T20:34:36.490Z", "assignerShortName": "TPLink"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8FFCB9A-B16E-496A-A213-2886E262CFDC", "versionEndExcluding": "0.9.1_4.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wr841n:14:*:*:*:*:*:*:*", "matchCriteriaId": "D74FA034-63F6-4F9E-BC24-364B94732E29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\nThis vulnerability affects TL-WR841N v14\u00a0< EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0< US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304)."}, {"lang": "es", "value": "La vulnerabilidad existe en el componente UPnP del TL-WR841N v14, donde una validaci\u00f3n de entrada incorrecta conduce a una lectura fuera de l\u00edmites, lo que podr\u00eda causar una ca\u00edda del servicio UPnP.\n\nUna explotaci\u00f3n exitosa puede provocar la ca\u00edda del servicio UPnP, lo que resulta en una condici\u00f3n de Denegaci\u00f3n de Servicio.\nEsta vulnerabilidad afecta a TL-WR841N v14 &lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) y &lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304)."}], "id": "CVE-2026-3622", "lastModified": "2026-03-31T19:09:04.387", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2026-03-26T21:17:09.697", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"], "url": "https://www.tp-link.com/us/support/faq/5033/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.9.1 4.19)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "TL-WR841N v14", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "tl-wr841n_v14", "vendor": "tp-link"}], "analysis": {"en": {"generated_at": "2026-04-01T03:23:16.780549+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware release from TP\u2011Link that includes the UPnP fix.", "If no patch is available yet, disable the UPnP service via the router\u2019s administrative interface.", "Configure the router firewall to block incoming UPnP traffic as a temporary protection.", "Monitor the router logs for UPnP crash events and confirm service stability after remediation."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Attackers can impact TP\u2011Link TL\u2011Wr841n routers with firmware versions before EN_0.9.1\u202f4.19\u202fBuild\u202f260303\u202fRel.42399n (V14_260303) and before US_0.9.1.4.19\u202fBuild\u202f260312\u202fRel.49108n (V14_0304). They are all identified as product TL\u2011Wr841n version 14 and are issued by TP\u2011Link Systems Inc.", "description_and_impact": "The vulnerability arises from improper validation of UPnP input on TP\u2011Link TL\u2011Wr841n routers running firmware v14. Malformed data can trigger an out\u2011of\u2011bounds read, causing the UPnP daemon to crash. As a result, the device\u2019s UPnP functionality becomes unavailable, effectively denying legitimate network traffic that relies on UPnP discovery or configuration. The weakness is a classic buffer overread (CWE\u2011125).", "risk_and_exploitability": "The CVSS base score of 7.1 conveys high severity, while the EPSS score indicates that active exploitation is unlikely to be widespread (<1\u202f%). The vulnerability is not part of the CISA KEV catalog. Exploitation requires network access to the UPnP port and a crafted request. A successful exploit would continuously bring the UPnP service down, causing a denial of service that affects only the router\u2019s service layer and not the underlying firmware. While the impact does not lead to code execution, repeated service crashes can degrade network usability for affected users."}}}}, "created": "2026-03-27T08:32:01.418029+00:00", "updated": "2026-04-02T07:56:20.304025+00:00", "vendors": ["tp-link", "tp-link$PRODUCT$tl-wr841n_v14"]}