{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8065", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2025-07-22T21:23:25.432Z", "datePublished": "2025-12-20T00:41:56.823Z", "dateUpdated": "2025-12-22T16:07:49.424Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["ONVIF Server"], "product": "Tapo C200 V3", "vendor": "TP-Link Systems Inc.", "versions": [{"lessThan": "C200(US)_V3_1.4.5 Build 251104", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Simone Margaritelli (evilsocket)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).<br>"}], "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS)."}], "impacts": [{"capecId": "CAPEC-770", "descriptions": [{"lang": "en", "value": "CAPEC-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2025-12-20T00:41:56.823Z"}, "references": [{"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"}, {"url": "https://www.tp-link.com/us/support/faq/4849/"}], "source": {"discovery": "UNKNOWN"}, "title": "Buffer Overflow in ONVIF XML Parser on Tapo C200", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T16:07:36.027962Z", "id": "CVE-2025-8065", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:07:49.424Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8065", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-22T16:07:36.027962Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:07:41.377Z"}}], "cna": {"title": "Buffer Overflow in ONVIF XML Parser on Tapo C200", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Simone Margaritelli (evilsocket)"}], "impacts": [{"capecId": "CAPEC-770", "descriptions": [{"lang": "en", "value": "CAPEC-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "modules": ["ONVIF Server"], "product": "Tapo C200 V3", "versions": [{"status": "affected", "version": "0", "lessThan": "C200(US)_V3_1.4.5 Build 251104", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"}, {"url": "https://www.tp-link.com/us/support/faq/4849/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).", "supportingMedia": [{"type": "text/html", "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2025-12-20T00:41:56.823Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8065", "state": "PUBLISHED", "dateUpdated": "2025-12-22T16:07:49.424Z", "dateReserved": "2025-07-22T21:23:25.432Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2025-12-20T00:41:56.823Z", "assignerShortName": "TPLink"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.3:build_230228:*:*:*:*:*:*", "matchCriteriaId": "CABD8DE6-9904-499D-919F-9DBD42BE6762", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.4:build_230424:*:*:*:*:*:*", "matchCriteriaId": "254031B5-7CC7-4B9D-970B-FAA6EBC3EAFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.5:build_230717:*:*:*:*:*:*", "matchCriteriaId": "9D61B481-8262-44D4-9A1D-9967AB1805DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.7:build_230920:*:*:*:*:*:*", "matchCriteriaId": "50D2F368-F8C8-41E1-9360-8CDF9F89E566", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.9:build_231019:*:*:*:*:*:*", "matchCriteriaId": "EF80958C-4274-4DEA-9730-176E3E6F21F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.11:build_231115:*:*:*:*:*:*", "matchCriteriaId": "7AA1B7FA-D418-46B2-A530-BF67E550E38F", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.13:build_240327:*:*:*:*:*:*", "matchCriteriaId": "DC4382B5-C7EC-4B98-AF28-8D08D0771133", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.14:build_240513:*:*:*:*:*:*", "matchCriteriaId": "1FCE1F5E-E84B-4CF4-B8A4-7A3448A0D127", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.15:build_240715:*:*:*:*:*:*", "matchCriteriaId": "C05AC5C2-5BB7-499A-AE2B-414103317D47", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.1:build_241212:*:*:*:*:*:*", "matchCriteriaId": "C1ED28D6-9441-440A-81D8-EB539D50BB56", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.2:build_250313:*:*:*:*:*:*", "matchCriteriaId": "51E28752-8B46-48CD-86B5-437449AED7C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.4:build_250922:*:*:*:*:*:*", "matchCriteriaId": "ECBC265E-2AA6-471E-A7BE-8F35DDA28645", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tapo_c200:3:*:*:*:*:*:*:*", "matchCriteriaId": "101FA54E-1A3D-4A38-BBD0-8DAFAC414EA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS)."}], "id": "CVE-2025-8065", "lastModified": "2026-01-08T19:38:13.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2025-12-20T01:16:05.410", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Release Notes"], "url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"], "url": "https://www.tp-link.com/us/support/faq/4849/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"created": "2025-12-21T21:12:33.042339+00:00", "updated": "2025-12-21T21:12:33.042366+00:00", "vendors": ["tp-link", "tp-link$PRODUCT$tapo", "tp-link$PRODUCT$tapo_c200", "tp-link$PRODUCT$tapo_c200_v3"]}