CVE-2026-3622 HIGH

CVE-2026-3622: Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N

Vendor Tp-Link Systems Inc.
Product TL-WR841N v14
Weakness CWE-125
Published March 26, 2026
Last update March 27, 2026

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.  This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).

Key dates

02Disclosure timeline

March 26, 2026 CVE published
March 27, 2026 Record updated