CVE-2026-3622

{"id": "CVE-2026-3622", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-26T21:17:09.697", "references": [{"url": "https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/5033/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. \n\nSuccessful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.\u00a0\nThis vulnerability affects TL-WR841N v14\u00a0< EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and\u00a0< US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304)."}, {"lang": "es", "value": "La vulnerabilidad existe en el componente UPnP del TL-WR841N v14, donde una validaci\u00f3n de entrada incorrecta conduce a una lectura fuera de l\u00edmites, lo que podr\u00eda causar una ca\u00edda del servicio UPnP.\n\nUna explotaci\u00f3n exitosa puede provocar la ca\u00edda del servicio UPnP, lo que resulta en una condici\u00f3n de Denegaci\u00f3n de Servicio.\nEsta vulnerabilidad afecta a TL-WR841N v14 &lt; EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) y &lt; US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304)."}], "lastModified": "2026-03-30T13:26:50.827", "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}