Description
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.

Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
Published: 2026-06-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

TP‑Link Tapo C200 v5 stores the contents of the RTSP Authorization header without proper bounds checking, creating a stack‑based buffer overflow. An attacker who can send a crafted authentication request can cause the RTSP core service to crash, forcing the camera to reboot and preventing access to the live stream or management interface until service recovery.

Affected Systems

The vulnerability afflicts the TP‑Link Tapo C200 model v5. Users of this camera model, including home and small‑business deployments, are exposed when the device is reachable over the network and RTSP credentials are present.

Risk and Exploitability

The flaw merits a CVSS score of 7.1, indicating high severity. The EPSS score is unavailable, and the issue is not listed in CISA’s KEV catalog. Exploitation requires authentic credentials for the RTSP service, implying an authenticated attacker. Once authenticated, the attacker can trigger a reboot-induced denial of service. The absence of a public exploit at this time reduces immediate risk, but the high severity and lack of a mitigation in the vendor firmware warrant swift action.

Generated by OpenCVE AI on June 2, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware update for the Tapo C200 from TP‑Link’s official website
  • If a firmware update cannot be applied immediately, block inbound RTSP traffic to the device using a firewall or network segmentation to prevent the attack vector from reaching the camera
  • If RTSP is not required for operation, disable the feature in the camera’s configuration or remove the RTSP service entirely

Generated by OpenCVE AI on June 2, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link tapo C200
Tp-link tapo C200 Firmware
CPEs cpe:2.3:h:tp-link:tapo_c200:5:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.12:build_240527:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.13:build_240619:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.17:build_240806:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.5:build_240327:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.4:build_241219:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.8:build_250310:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.3:build_250610:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.1:build_250910:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.3:build_251119:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.5:build_260228:*:*:*:*:*:*
Vendors & Products Tp-link tapo C200
Tp-link tapo C200 Firmware
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C200 V5
Vendors & Products Tp-link
Tp-link tapo C200 V5
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
Title Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Tapo C200 Tapo C200 Firmware Tapo C200 V5
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-06-02T18:24:54.391Z

Reserved: 2026-02-04T00:03:47.430Z

Link: CVE-2026-1871

cve-icon Vulnrichment

Updated: 2026-06-02T18:21:30.840Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-02T17:16:26.967

Modified: 2026-06-04T17:41:24.973

Link: CVE-2026-1871

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:50:51Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow