Denial-of-Service Vulnerability in TL-WR841N V14 by TP-Link
CVE-2026-3622

7.1HIGH

Key Information:

Vendor

Tp-link Systems Inc.

Status
Tl-wr841n V14
Vendor
CVE Published:
26 March 2026

What is CVE-2026-3622?

The identified vulnerability resides in the UPnP component of the TL-WR841N version 14 router. It is caused by improper input validation, allowing an attacker to perform an out-of-bounds read, which may lead to a crash of the UPnP service. If successfully exploited, this flaw can trigger a Denial-of-Service condition, disrupting service availability for devices relying on the UPnP functionality. Users are strongly advised to update to the latest firmware to mitigate potential risks.

Affected Version(s)

TL-WR841N v14 Linux 0 < 0.9.1 4.19

References

https://www.tp-link.com/en/support/download/tl-wr841n/v14...
patch
https://www.tp-link.com/us/support/download/tl-wr841n/v14...
patch
https://www.tp-link.com/us/support/faq/5033/
vendor-advisory

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Md Sharafatullah Zomadder, Professor Rahamatullah Khondoker, Dept. of Business Informatics, THM University of Applied Sciences, Friedberg, Germany
.