Description
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing
loop
when appending segmented request bodies without
continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker
on the same network segment could trigger heap memory corruption conditions by
sending crafted payloads that cause write operations beyond allocated buffer
boundaries.  Successful exploitation
causes a Denial-of-Service (DoS) condition, causing the device’s process to
crash or become unresponsive.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial-of-Service
Action: Immediate Patch
AI Analysis

Impact

A heap-based buffer overflow occurs in the HTTP parsing loop when HTTP request bodies are appended without proper boundary verification. The flaw allows an attacker on the same network to overflow allocated memory, causing the device to crash or become unresponsive. The impact is a loss of availability for the affected device.

Affected Systems

TP‑Link Tapo C520WS firmware version 2.6.

Risk and Exploitability

The vulnerability has a CVSS score of 7.1, indicating a high severity level. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a local network attacker who can send crafted HTTP requests to the device. While the exploit requires proximity to the device’s network segment, the lack of enforcement of buffer limits makes exploitation straightforward for an attacker who can reach the device. Given the lack of EPSS data, the exact probability of exploitation is uncertain, but the high CVSS score and local network exposure suggest a significant risk if the device is reachable by untrusted hosts.

Generated by OpenCVE AI on April 2, 2026 at 22:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by TP‑Link for the Tapo C520WS that addresses this issue.
  • If no newer firmware is available, restrict the device’s HTTP interface by placing it on a separate VLAN or subnet accessible only to trusted devices.
  • Monitor network traffic for suspicious HTTP requests that could indicate attempts to trigger the overflow.

Generated by OpenCVE AI on April 2, 2026 at 22:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C520ws V2
Vendors & Products Tp-link
Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.
Title Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Tapo C520ws V2
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-03T13:06:40.136Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34119

cve-icon Vulnrichment

Updated: 2026-04-03T13:06:36.310Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T18:16:28.680

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-34119

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:18:04Z

Weaknesses