Description
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.

Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
Published: 2026-06-02
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

TP‑Link Tapo C200 v5 stores the contents of the RTSP Authorization header without proper bounds checking, creating a stack‑based buffer overflow. An attacker who can send a crafted authentication request can cause the RTSP core service to crash, forcing the camera to reboot and preventing access to the live stream or management interface until service recovery.

Affected Systems

The vulnerability afflicts the TP‑Link Tapo C200 model v5. Users of this camera model, including home and small‑business deployments, are exposed when the device is reachable over the network and RTSP credentials are present.

Risk and Exploitability

The flaw merits a CVSS score of 7.1, indicating high severity. The EPSS score is unavailable, and the issue is not listed in CISA’s KEV catalog. Exploitation requires authentic credentials for the RTSP service, implying an authenticated attacker. Once authenticated, the attacker can trigger a reboot-induced denial of service. The absence of a public exploit at this time reduces immediate risk, but the high severity and lack of a mitigation in the vendor firmware warrant swift action.

Generated by OpenCVE AI on June 2, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware update for the Tapo C200 from TP‑Link’s official website
  • If a firmware update cannot be applied immediately, block inbound RTSP traffic to the device using a firewall or network segmentation to prevent the attack vector from reaching the camera
  • If RTSP is not required for operation, disable the feature in the camera’s configuration or remove the RTSP service entirely

Generated by OpenCVE AI on June 2, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
Title Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-06-02T16:13:36.640Z

Reserved: 2026-02-04T00:03:47.430Z

Link: CVE-2026-1871

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-02T17:16:26.967

Modified: 2026-06-02T17:19:15.030

Link: CVE-2026-1871

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T18:30:15Z

Weaknesses