Description
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker
on the same network segment could trigger heap memory corruption conditions by
sending crafted payloads that cause write operations beyond allocated buffer
boundaries.  Successful exploitation
causes a Denial-of-Service (DoS) condition, causing the device’s process to
crash or become unresponsive.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (DoS) via heap overflow
Action: Apply patch
AI Analysis

Impact

A heap‑based buffer overflow exists in the HTTP POST body parsing logic of TP‑Link Tapo C520WS firmware 2.6, caused by missing validation of remaining buffer capacity after dynamic allocation. The vulnerability allows crafted HTTP requests to write beyond the intended buffer, corrupting heap memory. Successful exploitation results in the device’s core process crashing or becoming unresponsive, effectively denying service to users on the network segment.

Affected Systems

Only the TP‑Link Tapo C520WS camera running firmware version 2.6 is listed as affected. No other devices or firmware versions are referenced as vulnerable in the available information.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high impact, while the EPSS score of less than 1% implies a low probability of widespread exploitation. The flaw is not cataloged in CISA's list of known exploited vulnerabilities. Attack requires local network access and involves sending malicious HTTP POST payloads from any host on the same segment. An attacker who can reach the camera can trigger a crash without gaining further access to the device or its network.

Generated by OpenCVE AI on April 7, 2026 at 02:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the camera firmware to the latest version available from TP‑Link’s support site; the release notes linked in the references contain the fix.
  • If an immediate firmware update cannot be performed, isolate the device from untrusted hosts by placing it on a separate VLAN or restricting HTTP access with a firewall to trusted networks.
  • Monitor the device for unexpected restarts or crashes and confirm that the vulnerability is no longer exploitable after applying the update.
  • Maintain regular firmware checks and promptly apply future security updates to protect against new vulnerabilities.

Generated by OpenCVE AI on April 7, 2026 at 02:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link tapo C520ws
Tp-link tapo C520ws Firmware
CPEs cpe:2.3:h:tp-link:tapo_c520ws:2.6:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c520ws_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link tapo C520ws
Tp-link tapo C520ws Firmware
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C520ws V2
Vendors & Products Tp-link
Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.
Title Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Tp-link Tapo C520ws Tapo C520ws Firmware Tapo C520ws V2
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-02T17:48:43.255Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34118

cve-icon Vulnrichment

Updated: 2026-04-02T17:48:38.574Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T18:16:28.503

Modified: 2026-04-06T20:26:55.677

Link: CVE-2026-34118

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:55:51Z

Weaknesses