ID

VAR-202606-6113


CVE

CVE-2026-9105


TITLE

TP-LINK Technologies of TL-WR841N  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-021998

DESCRIPTION

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot. An authenticated remote attacker can exploit this vulnerability with a specially crafted weapon. If exploited successfully, this can lead to a denial of service. DoS The device enters this state, crashes, and automatically restarts.- No information handled by the software will be leaked to external parties. - No information handled by the software will be rewritten. - The software may completely shut down

Trust: 1.62

sources: NVD: CVE-2026-9105 // JVNDB: JVNDB-2026-021998

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr841nscope:ltversion:14_260518

Trust: 1.0

vendor:tp linkmodel:tl-wr841nscope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-wr841nscope:eqversion:tl-wr841n firmware 14_260518

Trust: 0.8

vendor:tp linkmodel:tl-wr841nscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-021998 // NVD: CVE-2026-9105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-9105
value: MEDIUM

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2026-9105
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-9105
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2026-9105
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2026-9105
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021998 // NVD: CVE-2026-9105 // NVD: CVE-2026-9105

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021998 // NVD: CVE-2026-9105

PATCH

title:Security Advisoryurl:https://www.tp-link.com/us/support/faq/5152/

Trust: 0.8

sources: JVNDB: JVNDB-2026-021998

EXTERNAL IDS

db:NVDid:CVE-2026-9105

Trust: 2.6

db:JVNDBid:JVNDB-2026-021998

Trust: 0.8

sources: JVNDB: JVNDB-2026-021998 // NVD: CVE-2026-9105

REFERENCES

url:https://www.tp-link.com/us/support/download/tl-wr841n/v14/#firmware

Trust: 1.8

url:https://www.tp-link.com/en/support/download/tl-wr841n/v14/#firmware

Trust: 1.8

url:https://www.tp-link.com/us/support/faq/5152/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-9105

Trust: 0.8

sources: JVNDB: JVNDB-2026-021998 // NVD: CVE-2026-9105

SOURCES

db:JVNDBid:JVNDB-2026-021998
db:NVDid:CVE-2026-9105

LAST UPDATE DATE

2026-07-05T23:57:10.606000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-021998date:2026-07-03T01:17:00
db:NVDid:CVE-2026-9105date:2026-07-01T19:57:52.293

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-021998date:2026-07-03T00:00:00
db:NVDid:CVE-2026-9105date:2026-06-29T16:16:44.980