CVE-2026-3622
Out-of-Bounds Read in TL-WR841N UPnP Causes DoS
Publication date: 2026-03-26
Last updated on: 2026-03-31
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tl-wr841n_firmware | to 0.9.1_4.19 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-3622 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
The vulnerability exists in the UPnP component of the TP-Link TL-WR841N router version 14. It is caused by improper input validation that leads to an out-of-bounds read within the UPnP service.
This flaw can cause the UPnP service to crash, resulting in a Denial-of-Service (DoS) condition.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can cause the UPnP service on the affected router to crash.
This crash results in a Denial-of-Service condition, meaning the UPnP functionality will be unavailable, potentially disrupting network services that rely on it.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-3622 vulnerability, it is strongly recommended to update the TL-WR841N v14 router firmware to the latest version available on the official TP-Link website.
As a temporary workaround before applying the firmware update, disabling the UPnP feature on the device may reduce exposure to the vulnerability.