Description
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing
loop
when appending segmented request bodies without
continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker
on the same network segment could trigger heap memory corruption conditions by
sending crafted payloads that cause write operations beyond allocated buffer
boundaries.  Successful exploitation
causes a Denial-of-Service (DoS) condition, causing the device’s process to
crash or become unresponsive.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a heap-based buffer overflow located in the HTTP parsing loop of TP‑Link Tapo C520WS firmware v2.6. When the firmware appends segmented request bodies without verifying boundaries, an attacker can send an HTTP request that writes past the allocated buffer. This over‑write corrupts heap memory and results in a crash or unresponsive state of the device’s main process, effectively denying normal operation to legitimate users.

Affected Systems

The flaw affects only the TP‑Link Tapo C520WS model running firmware version 2.6. No other versions or products are listed, so only units with that specific firmware are vulnerable.

Risk and Exploitability

The CVSS score of 7.1 reflects a moderate severity, and the EPSS score of less than 1 % indicates low current exploitation probability. The attack requires an adversary on the same local network segment that can issue specially crafted HTTP traffic; the description explicitly notes this local‑network requirement. Because the flaw leads exclusively to a denial of service and no privilege escalation or data exposure is documented, the overall impact is limited to availability. The vulnerability is not listed in CISA’s KEV catalog, suggesting no documented active exploitation at the time of disclosure.

Generated by OpenCVE AI on April 7, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest firmware released by TP‑Link that resolves the memory overflow issue.
  • Restrict network access to the Tapo C520WS by limiting inbound connections to trusted IP ranges and blocking unsolicited HTTP traffic.
  • Disable unused network services on the device to reduce the attack surface.
  • Continuously monitor the device for unexpected restarts or service failures, and configure alerts if possible.

Generated by OpenCVE AI on April 7, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link tapo C520ws
Tp-link tapo C520ws Firmware
CPEs cpe:2.3:h:tp-link:tapo_c520ws:2.6:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c520ws_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link tapo C520ws
Tp-link tapo C520ws Firmware
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C520ws V2
Vendors & Products Tp-link
Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.
Title Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Tapo C520ws Tapo C520ws Firmware Tapo C520ws V2
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-03T13:06:40.136Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34119

cve-icon Vulnrichment

Updated: 2026-04-03T13:06:36.310Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T18:16:28.680

Modified: 2026-04-06T20:26:38.527

Link: CVE-2026-34119

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:55:50Z

Weaknesses