Description
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker
on the same network segment could trigger heap memory corruption conditions by
sending crafted payloads that cause write operations beyond allocated buffer
boundaries.  Successful exploitation
causes a Denial-of-Service (DoS) condition, causing the device’s process to
crash or become unresponsive.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A heap‑based buffer overflow exists in the HTTP POST body parsing logic of the TP‑Link Tapo C520WS firmware version 2.6. When malicious data is POSTed, the device allocates a buffer but does not verify that the buffer is large enough for the incoming content. This omission allows an attacker to write beyond the end of the buffer, corrupting heap memory. Because the overflow can cause the camera’s main process to crash or hang, the device becomes non‑responsive, resulting in a denial of service.

Affected Systems

The vulnerability impacts TP‑Link Systems Inc.’s Tapo C520WS camera running firmware 2.6. No other vendors or products are listed as affected.

Risk and Exploitability

The flaw receives a CVSS score of 7.1, indicating high severity. No EPSS score is published, and the issue is not included in CISA’s Known Exploited Vulnerabilities catalog, so exploitation likelihood is moderate. A local attacker on the same network segment can send crafted HTTP POST requests to trigger the overflow, causing the device to crash or become unresponsive.

Generated by OpenCVE AI on April 2, 2026 at 22:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by TP‑Link for the Tapo C520WS device.

Generated by OpenCVE AI on April 2, 2026 at 22:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C520ws V2
Vendors & Products Tp-link
Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.
Title Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Tp-link Tapo C520ws V2
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-02T17:48:43.255Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34118

cve-icon Vulnrichment

Updated: 2026-04-02T17:48:38.574Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T18:16:28.503

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-34118

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:18:05Z

Weaknesses