Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service.
Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).
AnalysisAI
An out-of-bounds read vulnerability in the UPnP service of TP-Link TL-WR841N v14 routers enables adjacent network attackers to crash the UPnP daemon without authentication, resulting in denial of service. Affected devices include firmware versions prior to EN_0.9.1 4.19 Build 260303 and US_0.9.1.4.19 Build 260312. Vendor patches are available. No public exploit identified at time of analysis, with CVSS:4.0 scoring 7.1 (High) reflecting adjacent network access requirements and high availability impact.
Technical ContextAI
This vulnerability affects the Universal Plug and Play (UPnP) implementation in TP-Link TL-WR841N version 14 wireless routers (CPE: cpe:2.3:a:tp-link_systems_inc.:tl-wr841n_v14). The root cause is classified as CWE-125 (Out-of-bounds Read), a memory safety issue where the UPnP service reads data past the boundaries of allocated memory buffers due to improper input validation. UPnP is a network protocol suite that enables automatic device discovery and service configuration on local networks. When the UPnP service fails to properly validate incoming network requests, specially crafted packets can trigger reads beyond valid memory regions, causing the service to crash. The vulnerability manifests specifically in the UPnP component's packet processing logic, where boundary checks are insufficient or absent during input parsing operations.
RemediationAI
Upgrade TP-Link TL-WR841N v14 firmware to version EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) or later for English/European models, or US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304) or later for US models. Firmware updates are available from the vendor download pages at https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware and https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware. As an interim mitigation until patching is completed, disable UPnP functionality in the router administration interface if it is not required for network operations, reducing the attack surface. Additionally, ensure strong WiFi authentication (WPA2/WPA3) and disable guest network access to limit potential adjacent network attackers. Review and restrict administrative access to the router to trusted devices only via MAC address filtering or similar access controls.
More in Tl Wr841n V14
View allSame weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16419
GHSA-hhj2-6q7v-v5hc