CVE-2026-9105

MEDIUM

Authenticated Stack-Based Buffer Overflow in TP-Link TL-WR841N Web Interface

Title source: cna
STIX 2.1

Description

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot.

Scores

CVSS v3 6.5
EPSS 0.0055
EPSS Percentile 42.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-121 CWE-787
Status published
Products (2)
tp-link/tl-wr841n_firmware < 14_260518
TP-Link Systems Inc./TL-WR841N v14 < V14_260518
Published Jun 29, 2026
Tracked Since Jun 29, 2026