CVE-2026-1315
- EPSS 0.14%
- Veröffentlicht 27.01.2026 17:53:29
- Zuletzt bearbeitet 11.03.2026 22:19:43
By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of s...
CVE-2026-0919
- EPSS 0.15%
- Veröffentlicht 27.01.2026 17:52:39
- Zuletzt bearbeitet 29.04.2026 17:16:40
The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and ser...
CVE-2026-0918
- EPSS 0.04%
- Veröffentlicht 27.01.2026 17:52:04
- Zuletzt bearbeitet 29.04.2026 01:16:02
The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main ser...