CVE-2026-9105
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
A stack-based buffer overflow vulnerability in the web management interface of TP-Link TL-WR841N v14 allows an authenticated remote attacker to crash the device by sending a crafted HTTP request. Successful exploitation leads to a denial-of-service condition, causing the device to crash and automatically reboot.
Risk Assessment
The risk is that an authenticated attacker can remotely disable the router, potentially disrupting the local network and affecting service availability for users.
Recommendation
It is recommended to immediately apply a firmware update from the vendor if available, or restrict access to the management interface to trusted IP addresses only.
Original NVD description (English source)
An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot.

