Tp-link

Tapo C520ws

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.17%
  • Veröffentlicht 05.06.2026 23:52:36
  • Zuletzt bearbeitet 08.06.2026 15:01:06

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subs...

  • EPSS 0.16%
  • Veröffentlicht 05.06.2026 23:52:18
  • Zuletzt bearbeitet 08.06.2026 15:01:06

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ON...

  • EPSS 0.18%
  • Veröffentlicht 05.06.2026 23:51:39
  • Zuletzt bearbeitet 08.06.2026 15:01:06

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious reques...

  • EPSS 0.18%
  • Veröffentlicht 05.06.2026 23:50:59
  • Zuletzt bearbeitet 08.06.2026 15:01:06

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially ...

  • EPSS 0.15%
  • Veröffentlicht 05.06.2026 23:50:40
  • Zuletzt bearbeitet 08.06.2026 15:01:06

On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage le...

  • EPSS 0.21%
  • Veröffentlicht 05.06.2026 16:14:28
  • Zuletzt bearbeitet 05.06.2026 19:03:48

A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input.  Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive ...

  • EPSS 0.3%
  • Veröffentlicht 02.04.2026 17:20:20
  • Zuletzt bearbeitet 06.04.2026 20:22:38

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during ...

  • EPSS 0.26%
  • Veröffentlicht 02.04.2026 17:20:12
  • Zuletzt bearbeitet 06.04.2026 20:23:49

A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value ...

Medienbericht
  • EPSS 0.45%
  • Veröffentlicht 02.04.2026 17:20:06
  • Zuletzt bearbeitet 06.04.2026 20:24:48

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthen...

  • EPSS 0.23%
  • Veröffentlicht 02.04.2026 17:19:58
  • Zuletzt bearbeitet 06.04.2026 20:26:04

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An ...