Sign-up

ID

VAR-202603-5074


CVE

CVE-2026-3622


TITLE

TP-LINK Technologies of TL-WR841N  Out-of-bounds read vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-009575

DESCRIPTION

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.   This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304). DoS This causes the following condition. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-3622 // JVNDB: JVNDB-2026-009575

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr841nscope:ltversion:0.9.1_4.19

Trust: 1.0

vendor:tp linkmodel:tl-wr841nscope:eqversion:tl-wr841n firmware 0.9.1_4.19

Trust: 0.8

vendor:tp linkmodel:tl-wr841nscope:eqversion: -

Trust: 0.8

vendor:tp linkmodel:tl-wr841nscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-009575 // NVD: CVE-2026-3622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-3622
value: HIGH

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2026-3622
value: HIGH

Trust: 1.0

NVD: CVE-2026-3622
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2026-3622
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2026-3622
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-009575 // NVD: CVE-2026-3622 // NVD: CVE-2026-3622

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-009575 // NVD: CVE-2026-3622

PATCH

title:Security Advisory on Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N (CVE-2026-3622) | TP-Linkurl:https://www.tp-link.com/us/support/faq/5033/

Trust: 0.8

sources: JVNDB: JVNDB-2026-009575

EXTERNAL IDS

db:NVDid:CVE-2026-3622

Trust: 2.6

db:JVNDBid:JVNDB-2026-009575

Trust: 0.8

sources: JVNDB: JVNDB-2026-009575 // NVD: CVE-2026-3622

REFERENCES

url:https://www.tp-link.com/us/support/download/tl-wr841n/v14/#firmware

Trust: 1.8

url:https://www.tp-link.com/en/support/download/tl-wr841n/v14/#firmware

Trust: 1.8

url:https://www.tp-link.com/us/support/faq/5033/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-3622

Trust: 0.8

sources: JVNDB: JVNDB-2026-009575 // NVD: CVE-2026-3622

SOURCES

db:JVNDBid:JVNDB-2026-009575
db:NVDid:CVE-2026-3622

LAST UPDATE DATE

2026-04-03T23:38:45.358000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-009575date:2026-04-02T01:37:00
db:NVDid:CVE-2026-3622date:2026-03-31T19:09:04.387

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-009575date:2026-04-02T00:00:00
db:NVDid:CVE-2026-3622date:2026-03-26T21:17:09.697