CVE-2026-1315
- EPSS 0.16%
- Veröffentlicht 27.01.2026 17:53:29
- Zuletzt bearbeitet 11.03.2026 22:19:43
By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of s...
CVE-2026-0919
- EPSS 0.12%
- Veröffentlicht 27.01.2026 17:52:39
- Zuletzt bearbeitet 11.03.2026 22:23:40
The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service rest...
CVE-2026-0918
- EPSS 0.03%
- Veröffentlicht 27.01.2026 17:52:04
- Zuletzt bearbeitet 16.03.2026 18:16:06
The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service proc...