CVE-2026-3622: CWE-125 Out-of-bounds read in TP-Link Systems Inc. TL-WR841N v14
CVE-2026-3622 is a high-severity vulnerability in the UPnP component of TP-Link TL-WR841N v14 routers. It involves an out-of-bounds read due to improper input validation, which can cause the UPnP service to crash, resulting in a denial-of-service (DoS) condition. The vulnerability affects firmware versions prior to EN_0.9.1 4.19 Build 260303 Rel.42399n and US_0.9.1.4.
AI Analysis
Technical Summary
CVE-2026-3622 is a vulnerability classified under CWE-125 (Out-of-bounds Read) affecting the Universal Plug and Play (UPnP) service in TP-Link Systems Inc.'s TL-WR841N version 14 routers. The root cause is improper input validation within the UPnP component, which allows an attacker to trigger an out-of-bounds read operation. This memory access violation can cause the UPnP service to crash, leading to a denial-of-service condition on the device. The affected firmware versions are those earlier than EN_0.9.1 4.19 Build 260303 Rel.42399n and US_0.9.1.4.19 Build 260312 Rel.49108n. The vulnerability can be exploited remotely without requiring authentication or user interaction, as UPnP typically listens on local network interfaces and sometimes on WAN interfaces if misconfigured. The CVSS v4.0 score is 7.1, indicating high severity, with attack vector being adjacent network (AV:A), low attack complexity, no privileges or user interaction required, and a high impact on availability. No known exploits have been reported in the wild yet. The vulnerability does not affect confidentiality or integrity directly but can disrupt network operations by crashing the UPnP service, which may impact device functionality and connected services relying on UPnP. The vulnerability was reserved on March 6, 2026, and published on March 26, 2026. No official patches or mitigation links are currently provided, indicating that affected users must monitor TP-Link advisories for firmware updates.
Potential Impact
The primary impact of CVE-2026-3622 is a denial-of-service condition caused by the crash of the UPnP service on affected TL-WR841N v14 routers. This can disrupt network connectivity and the functionality of devices relying on UPnP for automatic port forwarding and device discovery, potentially affecting home and small office networks. While the vulnerability does not allow direct code execution or data leakage, the loss of UPnP service availability can degrade network performance and user experience. In environments where these routers are used as primary gateways, the DoS could interrupt internet access or internal network services. Additionally, attackers could leverage this vulnerability to cause repeated service disruptions, potentially as part of a larger attack campaign. Given the widespread deployment of TP-Link routers globally, the impact could be significant in regions with high market penetration. The lack of authentication or user interaction requirements lowers the barrier for exploitation, increasing risk. However, the attack vector is adjacent network, so exploitation typically requires access to the local network or a misconfigured router exposing UPnP externally.
Mitigation Recommendations
To mitigate CVE-2026-3622, organizations and users should:
1) Monitor TP-Link's official channels for firmware updates addressing this vulnerability and apply patches promptly once available.
2) Disable UPnP on the TL-WR841N v14 router if it is not required, as this reduces the attack surface significantly.
3) Restrict UPnP exposure by ensuring it is not accessible from the WAN interface; configure firewall rules to block UPnP traffic from untrusted networks.
4) Segment networks to isolate critical systems from consumer-grade routers vulnerable to such attacks.
5) Regularly audit router configurations and firmware versions to identify and remediate outdated devices.
6) Employ network monitoring to detect unusual UPnP service crashes or network disruptions that may indicate exploitation attempts.
7) Consider replacing legacy or unsupported routers with devices that receive regular security updates and have robust security features.
These steps go beyond generic advice by focusing on UPnP-specific controls and network architecture adjustments to reduce risk.
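A firmware audit for step 5, as an added example (not part of the original analysis and not TP-Link code): it checks inventory rows for TL-WR841N v14 against the EN and US fixed builds quoted in the Technical Summary. It assumes firmware strings carry "Build <YYMMDD> Rel.<digits>n" and that both fields increase with newer releases; the inventory layout, host names and older build numbers are constructed.

```python
import re

# Fixed builds quoted in the advisory above: region -> (build, release).
FIXED = {"EN": (260303, 42399), "US": (260312, 49108)}

# Assumption: firmware strings contain "Build <YYMMDD> Rel.<digits>n" and
# both fields increase with newer releases.
_FW = re.compile(r"Build\s+(\d{6})\s+Rel\.\s*(\d+)", re.IGNORECASE)


def classify(region, firmware):
    """Return 'vulnerable', 'fixed' or 'unknown' for one firmware string."""
    fixed = FIXED.get(region.strip().upper())
    match = _FW.search(firmware)
    if fixed is None or match is None:
        return "unknown"  # unparseable or unlisted region: review by hand
    seen = (int(match.group(1)), int(match.group(2)))
    return "vulnerable" if seen < fixed else "fixed"


def audit(inventory):
    """Map host -> status for TL-WR841N v14 rows; other hardware is skipped."""
    report = {}
    for host, model, hw, region, firmware in inventory:
        if model.upper() != "TL-WR841N" or hw.lower() != "v14":
            continue  # the advisory covers hardware revision v14 only
        report[host] = classify(region, firmware)
    return report


# Constructed sample inventory (hosts and older build numbers are made up).
SAMPLE = [
    ("gw-branch-01", "TL-WR841N", "v14", "EN", "0.9.1 4.19 Build 250101 Rel.11111n"),
    ("gw-branch-02", "TL-WR841N", "v14", "EN", "0.9.1 4.19 Build 260303 Rel.42399n"),
    ("gw-branch-03", "TL-WR841N", "v14", "US", "0.9.1.4.19 Build 260303 Rel.42399n"),
    ("gw-branch-04", "TL-WR841N", "v14", "US", "firmware string missing"),
    ("gw-branch-05", "TL-WR841N", "v13", "EN", "0.9.1 4.16 Build 200101 Rel.00001n"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as unknown should be checked by hand rather than treated as fixed, since the region or firmware string could not be matched against the advisory.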
Affected Countries
United States, China, India, Germany, United Kingdom, France, Brazil, Russia, Italy, Spain, Canada, Australia, Mexico
Technical Details
- Data Version: 5.2
- Assigner Short Name: TPLink
- Date Reserved: 2026-03-06T00:09:48.566Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69c59e483c064ed76fcd549a
Added to database: 3/26/2026, 8:59:52 PM
Last enriched: 3/26/2026, 9:14:50 PM
Last updated: 3/26/2026, 11:14:05 PM