CVE-2026-9105
Received Received - Intake

Authenticated Stack-Based Buffer Overflow in TP-Link TL-WR841N Web Interface

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: TPLink

Description
An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-29
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-9105
EUVD
EUVD-2026-40136

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tp-link tl-wr841n 14
tp-link tl-wr841n to 14_260518 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-9105 is an authenticated stack-based buffer overflow vulnerability found in the web management interface of the TP-Link TL-WR841N v14 router.

A remote attacker who is authenticated can send specially crafted HTTP requests to the device, causing a stack buffer overflow in the embedded web server.

This overflow causes the affected process to crash, leading to a denial-of-service condition.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

Successful exploitation of this vulnerability results in a denial-of-service condition on the affected device.

The device's embedded web server crashes and the device automatically reboots.

This can cause temporary loss of network connectivity and disruption of services relying on the device.

Mitigation Strategies

To mitigate this vulnerability, users are strongly advised to update their TP-Link TL-WR841N v14 devices to the latest firmware version V14_260518 released by TP-Link.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9105. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart