Description
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to
insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker
on the same network segment could trigger heap memory corruption conditions by
sending crafted payloads that cause write operations beyond allocated buffer
boundaries.  Successful exploitation
causes a Denial-of-Service (DoS) condition, causing the device’s process to
crash or become unresponsive.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial-of-Service
Action: Patch Now
AI Analysis

Impact

A heap-based buffer overflow exists in the asynchronous parsing of local video stream content in TP-Link Tapo C520WS firmware 2.6. Insufficient alignment and validation allow overwriting of heap memory, leading to a process crash or loss of responsiveness. The weakness is a classic memory corruption flaw (CWE‑122).

Affected Systems

The vulnerability affects TP‑Link Systems Inc.’s Tapo C520WS device running firmware version 2.6. Only that build is listed as vulnerable; newer firmware releases may contain the fix.

Risk and Exploitability

The score of 7.1 indicates moderate‑to‑high severity, while the EPSS score of less than 1 % suggests a low likelihood of exploitation in the wild. The flaw is not catalogued in the CISA KEV list. Attackers would need to be on the same local network segment to send crafted video stream packets that trigger the overflow, resulting in a denial of service. The impact is limited to the device itself, causing it to hang or crash, but the local network traffic may be disrupted until the device is rebooted or patched.

Generated by OpenCVE AI on April 7, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Tapo C520WS firmware to the latest version available from TP‑Link’s support site (the release notes indicate the vulnerability is fixed in newer builds).
  • If an update is not immediately available, isolate the device on a separate VLAN or apply firewall rules to block inbound video stream traffic from untrusted sources on the local network.

Generated by OpenCVE AI on April 7, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link tapo C520ws
Tp-link tapo C520ws Firmware
CPEs cpe:2.3:h:tp-link:tapo_c520ws:2.6:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tapo_c520ws_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link tapo C520ws
Tp-link tapo C520ws Firmware
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C520ws V2
Vendors & Products Tp-link
Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.
Title Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Tp-link Tapo C520ws Tapo C520ws Firmware Tapo C520ws V2
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-02T17:58:08.441Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34120

cve-icon Vulnrichment

Updated: 2026-04-02T17:58:05.302Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T18:16:28.827

Modified: 2026-04-06T20:26:04.310

Link: CVE-2026-34120

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:55:49Z

Weaknesses