CVE-2026-3622
Received Received - Intake
Out-of-Bounds Read in TL-WR841N UPnP Causes DoS

Publication date: 2026-03-26

Last updated on: 2026-03-31

Assigner: TPLink

Description
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.Β  This vulnerability affects TL-WR841N v14Β < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) andΒ < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3622
EUVD
EUVD-2026-16419
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tp-link tl-wr841n_firmware to 0.9.1_4.19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-3622 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The vulnerability exists in the UPnP component of the TP-Link TL-WR841N router version 14. It is caused by improper input validation that leads to an out-of-bounds read within the UPnP service.

This flaw can cause the UPnP service to crash, resulting in a Denial-of-Service (DoS) condition.

Impact Analysis

Successful exploitation of this vulnerability can cause the UPnP service on the affected router to crash.

This crash results in a Denial-of-Service condition, meaning the UPnP functionality will be unavailable, potentially disrupting network services that rely on it.

Mitigation Strategies

To mitigate the CVE-2026-3622 vulnerability, it is strongly recommended to update the TL-WR841N v14 router firmware to the latest version available on the official TP-Link website.

As a temporary workaround before applying the firmware update, disabling the UPnP feature on the device may reduce exposure to the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3622. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart