7.1

CVE-2026-12760

Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkTapo C200 Firmware Version1.3.3 Updatebuild_230228
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.4 Updatebuild_230424
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.5 Updatebuild_230717
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.7 Updatebuild_230920
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.9 Updatebuild_231019
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.11 Updatebuild_231115
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.13 Updatebuild_240327
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.14 Updatebuild_240513
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.3.15 Updatebuild_240715
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.4.1 Updatebuild_241212
   Tp-linkTapo C200 Version3
Tp-linkTapo C200 Firmware Version1.4.2 Updatebuild_250313
   Tp-linkTapo C200 Version3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.127
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
f23511db-6c3e-4e32-a477-6aa17d310630 7.1 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes
Release Notes
https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes
Release Notes
https://www.tp-link.com/us/support/faq/5143/
Vendor Advisory