CVE-2026-3622
Published: 26 March 2026
Summary
CVE-2026-3622 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Tp-Link Tl-Wr841N Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 directly addresses the improper input validation in the UPnP component by requiring validation mechanisms at input points to block malformed data causing out-of-bounds reads.
SI-2 mandates timely identification and patching of flaws like this UPnP vulnerability through firmware updates to eliminate the out-of-bounds read issue.
SC-5 limits the effects of denial-of-service events such as the UPnP service crash resulting from exploitation of the out-of-bounds read.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables remote unauthenticated exploitation of UPnP (public-facing service) via malformed input to trigger OOB read crash, directly mapping to T1190 for initial access and T1499.004 for resulting application/system DoS via exploitation.
NVD Description
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service…
more
condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).
Deeper analysisAI
CVE-2026-3622 is a vulnerability in the UPnP component of TP-Link TL-WR841N v14 routers, stemming from improper input validation that triggers an out-of-bounds read (CWE-125). This flaw affects firmware versions prior to EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) for international models and US_0.9.1.4.19 Build 260312 Rel.49108n (V14_0304) for US models. The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact availability disruption without requiring authentication or user interaction.
Attackers can exploit this vulnerability remotely over the network by sending malformed input to the UPnP service, causing an out-of-bounds read that crashes the service and results in a denial-of-service condition. No privileges are needed, and the low attack complexity makes it accessible to unauthenticated remote actors who can reach the device's UPnP interface, typically exposed if UPnP is enabled.
TP-Link advisories recommend updating to the specified firmware versions or later, available via their support download pages for TL-WR841N v14 (EN and US variants). Additional guidance is provided in their FAQ at https://www.tp-link.com/us/support/faq/5033/, which likely details patching and configuration steps to mitigate the issue.
Details
- CWE(s)