CVE Catalog

CVE-2026-9105

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile — higher than 42% of all known CVEs

Summary

A stack-based buffer overflow vulnerability in the web management interface of TP-Link TL-WR841N v14 allows an authenticated remote attacker to crash the device by sending a crafted HTTP request. Successful exploitation leads to a denial-of-service condition, causing the device to crash and automatically reboot.

Risk Assessment

The risk is that an authenticated attacker can remotely disable the router, potentially disrupting the local network and affecting service availability for users.

Recommendation

It is recommended to immediately apply a firmware update from the vendor if available, or restrict access to the management interface to trusted IP addresses only.

Original NVD description (English source)

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS