7.1

CVE-2026-8714

Denial-of-Service Vulnerability in RTSP Input Handling on TP-Link's Tapo C520WS

A denial-of-service
vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of
syntactically invalid input.  Crafted inputs
can trigger a processing error, causing the RTSP service to enter non-responsive
state.





Successful
exploitation may cause the RTSP in a denial-of-service condition.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTP-Link Systems Inc.
Produkt Tapo C520WS v2
Default Statusunaffected
Version 0
Version < 1.2.6 Build 260528 Rel.60422n
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.106
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
f23511db-6c3e-4e32-a477-6aa17d310630 7.1 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.tp-link.com/us/support/download/tapo-c520ws/v2/#Firmware-Release-Notes
https://www.tp-link.com/en/support/download/tapo-c520ws/v2/#Firmware-Release-Notes
https://www.tp-link.com/us/support/faq/5118/