CVE-2026-9105
Analyzed Analyzed - Analysis Complete

Authenticated Stack-Based Buffer Overflow in TP-Link TL-WR841N Web Interface

Vulnerability report for CVE-2026-9105, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-07-01

Assigner: TPLink

Description

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-07-01
Generated
2026-07-19
AI Q&A
2026-06-29
EPSS Evaluated
2026-07-18
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tp-link tl-wr841n_firmware to 14_260518 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-9105 is an authenticated stack-based buffer overflow vulnerability found in the web management interface of the TP-Link TL-WR841N v14 router.

A remote attacker who is authenticated can send specially crafted HTTP requests to the device, causing a stack buffer overflow in the embedded web server.

This overflow causes the affected process to crash, leading to a denial-of-service condition.

Detection Guidance

This vulnerability can be detected by monitoring for unusual crashes or reboots of the TP-Link TL-WR841N v14 device, especially after HTTP requests to its web management interface.

Since the exploit involves sending specially crafted HTTP requests to the embedded web server, network traffic analysis tools can be used to detect suspicious HTTP requests targeting the device's management interface.

However, no specific detection commands or signatures are provided in the available resources.

Impact Analysis

Successful exploitation of this vulnerability results in a denial-of-service condition on the affected device.

The device's embedded web server crashes and the device automatically reboots.

This can cause temporary loss of network connectivity and disruption of services relying on the device.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate this vulnerability, users are strongly advised to update their TP-Link TL-WR841N v14 devices to the latest firmware version V14_260518 released by TP-Link.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9105. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart