8.7
CVE-2025-8065
- EPSS 0.08%
- Published 20.12.2025 00:41:56
- Last modified 03.04.2026 17:16:41
- Source f23511db-6c3e-4e32-a477-6aa17d
Remote Code Execution via Stack-based Buffer Overflow in ONVIF SOAP Parser in TP-Link Tapo C200 and C520WS
A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. This allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption on the stack. An unauthenticated attacker on the same local network may exploit this flaw to achieve remote code execution with elevated privileges, leading to full compromise of the device.
Data provided by the National Vulnerability Database (NVD)
TP-Link ≫ Tapo C200 Firmware, Version 1.3.3, Update build_230228
TP-Link ≫ Tapo C200 Firmware, Version 1.3.4, Update build_230424
TP-Link ≫ Tapo C200 Firmware, Version 1.3.5, Update build_230717
TP-Link ≫ Tapo C200 Firmware, Version 1.3.7, Update build_230920
TP-Link ≫ Tapo C200 Firmware, Version 1.3.9, Update build_231019
TP-Link ≫ Tapo C200 Firmware, Version 1.3.11, Update build_231115
TP-Link ≫ Tapo C200 Firmware, Version 1.3.13, Update build_240327
TP-Link ≫ Tapo C200 Firmware, Version 1.3.14, Update build_240513
TP-Link ≫ Tapo C200 Firmware, Version 1.3.15, Update build_240715
TP-Link ≫ Tapo C200 Firmware, Version 1.4.1, Update build_241212
TP-Link ≫ Tapo C200 Firmware, Version 1.4.2, Update build_250313
TP-Link ≫ Tapo C200 Firmware, Version 1.4.4, Update build_250922
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.238 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| f23511db-6c3e-4e32-a477-6aa17d310630 | 8.7 | 0 | 0 | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).