Tp-link

Tapo C520ws Firmware

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-34124

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 17:20:20
  • Zuletzt bearbeitet 06.04.2026 20:22:38

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during ...

6.5

CVE-2026-34122

  • EPSS 0.02%
  • Veröffentlicht 02.04.2026 17:20:12
  • Zuletzt bearbeitet 06.04.2026 20:23:49

A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value ...

8.8

CVE-2026-34121

Medienbericht
  • EPSS 0.12%
  • Veröffentlicht 02.04.2026 17:20:06
  • Zuletzt bearbeitet 06.04.2026 20:24:48

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthen...

6.5

CVE-2026-34120

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 17:19:58
  • Zuletzt bearbeitet 06.04.2026 20:26:04

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An ...

6.5

CVE-2026-34119

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 17:19:50
  • Zuletzt bearbeitet 06.04.2026 20:26:38

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when ha...

6.5

CVE-2026-34118

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 17:19:43
  • Zuletzt bearbeitet 06.04.2026 20:26:55

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when ha...

7.5

CVE-2026-1315

  • EPSS 0.14%
  • Veröffentlicht 27.01.2026 17:53:29
  • Zuletzt bearbeitet 11.03.2026 22:19:43

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of s...

7.5

CVE-2026-0919

  • EPSS 0.15%
  • Veröffentlicht 27.01.2026 17:52:39
  • Zuletzt bearbeitet 29.04.2026 17:16:40

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and ser...

7.5

CVE-2026-0918

  • EPSS 0.04%
  • Veröffentlicht 27.01.2026 17:52:04
  • Zuletzt bearbeitet 29.04.2026 01:16:02

The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main ser...