6.8

CVE-2026-6240

Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a  crafted malicious request containing an excessive number of identifiers to overflow stack memory.

Successful exploitation may result in a service crash or deadlock, leading to DoS affecting device management and monitoring functionality.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTP-Link Systems Inc.
Produkt Tapo C520WS v2
Default Statusunaffected
Version 0
Version < 1.2.6 Build 260528
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.077
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
f23511db-6c3e-4e32-a477-6aa17d310630 6.8 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-Notes
https://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-Notes
https://www.tp-link.com/us/support/faq/5120/