Description
When crafted files are sent to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application-initiated restart to restore normal device operation.
Published: 2026-01-27
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via unauthenticated firmware update
Action: Patch immediately
AI Analysis

Impact

The vulnerability allows an attacker to send crafted files to the firmware update endpoint of the device. Because the device terminates core services before verifying authentication or firmware integrity, the attacker can cause a persistent denial of service that requires a manual reboot or application‑initiated restart to restore normal operation.

Affected Systems

TP‑Link Systems Inc. devices Tapo C220 (first generation) and Tapo C520WS (second generation) are affected. Firmware download links for these models are available on TP‑Link’s support site. No additional version information is provided beyond the model identifiers.

Risk and Exploitability

The CVSS score of 7.1 indicates a high-impact vulnerability, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog, so there is no confirmed evidence of active exploitation. An unauthenticated attacker, typically with access to the local network, can trigger the denial of service by targeting the update endpoint; because the endpoint performs neither authentication nor integrity checks before stopping services, no special privileges are required.

Generated by OpenCVE AI on April 18, 2026 at 02:02 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware for each affected device from the official TP‑Link support site.
  • After the firmware update is completed, reboot the device to ensure all services restart correctly.
  • Configure your network to restrict access to the firmware update endpoint, for example by permitting only trusted internal IP ranges or implementing VLAN segmentation.
  • Temporarily disable remote firmware update features if they are not required.



Advisories

No advisories yet.

History

Wed, 11 Mar 2026 22:30:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Tp-link tapo C220; Tp-link tapo C220 Firmware; Tp-link tapo C520ws; Tp-link tapo C520ws Firmware

Type: Weaknesses
  Values Removed: (none)
  Values Added: NVD-CWE-noinfo

Type: CPEs
  Values Removed: (none)
  Values Added:
    cpe:2.3:h:tp-link:tapo_c220:1:*:*:*:*:*:*:*
    cpe:2.3:h:tp-link:tapo_c520ws:2:*:*:*:*:*:*:*
    cpe:2.3:o:tp-link:tapo_c220_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:tp-link:tapo_c520ws_firmware:*:*:*:*:*:*:*:*

Type: Vendors & Products
  Values Removed: (none)
  Values Added: Tp-link tapo C220; Tp-link tapo C220 Firmware; Tp-link tapo C520ws; Tp-link tapo C520ws Firmware

Type: Metrics
  Values Removed: (none)
  Values Added: cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Wed, 28 Jan 2026 12:30:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Tp-link; Tp-link tapo; Tp-link tapo C220 V1; Tp-link tapo C520ws V2

Type: Vendors & Products
  Values Removed: (none)
  Values Added: Tp-link; Tp-link tapo; Tp-link tapo C220 V1; Tp-link tapo C520ws V2

Tue, 27 Jan 2026 18:15:00 +0000

Type: Metrics
  Values Removed: (none)
  Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 18:00:00 +0000

Type: Description
  Values Removed: (none)
  Values Added: By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.

Type: Title
  Values Removed: (none)
  Values Added: Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-20

Type: References
  Values Removed: (none)
  Values Added: (none)

Type: Metrics
  Values Removed: (none)
  Values Added: cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-01-27T18:11:48.097Z

Reserved: 2026-01-21T23:01:34.738Z

Link: CVE-2026-1315

Vulnrichment

Updated: 2026-01-27T18:11:39.389Z

NVD

Status: Analyzed

Published: 2026-01-27T18:15:55.257

Modified: 2026-03-11T22:19:43.510

Link: CVE-2026-1315

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T02:15:05Z

Weaknesses