Security Advisory on Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N (CVE-2026-3622)
301 Vulnerability and Impact Description:
CVE-2026-3622
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service.
Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.
CVSS v4.0 Score: 7.1 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product Model |
Affected Version |
|
TL-WR841N v14 |
< EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304) |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Download and update to the latest firmware version to fix the vulnerability:
EN: Download for TL-WR841N | TP-Link
US: Download for TL-WR841N | TP-Link
Workaround:
Disable UPnP, if operationally feasible, may reduce exposure until updated firmware is deployed.
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.