Description
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to
insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker
on the same network segment could trigger heap memory corruption conditions by
sending crafted payloads that cause write operations beyond allocated buffer
boundaries.  Successful exploitation
causes a Denial-of-Service (DoS) condition, causing the device’s process to
crash or become unresponsive.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Upgrade
AI Analysis

Impact

A heap‑based buffer overflow occurs during asynchronous parsing of local video stream content, allowing an attacker on the same network to send crafted inputs that exceed buffer boundaries. Successful exploitation corrupts heap memory and crashes or freezes the device, leading to a denial of service.

Affected Systems

The vulnerability affects TP‑Link Systems Inc.’s Tapo C520WS v2.6, a consumer‑grade security camera used in residential or small business environments. No other versions are listed as affected.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity. No EPSS score is available, so the exact likelihood of exploitation cannot be quantified. The attack requires local network access, but can be executed from any machine within the same segment, so a compromised or malicious device could trigger the DoS. The vulnerability is not currently catalogued in CISA’s KEV list, suggesting no widespread exploitation has been documented. Mitigation should be pursued immediately because the denial of service could disrupt surveillance functions.

Generated by OpenCVE AI on April 2, 2026 at 22:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware update for the Tapo C520WS from the TP‑Link support site.
  • Verify that the device reports the new firmware version after the upgrade.
  • If a firmware upgrade is not possible, isolate the camera from the network or disable video streaming to prevent remote exploitation.
  • Monitor network traffic for malformed video stream packets that may indicate attempted exploitation.
  • Review device logs for crash events and ensure alerts are configured for unresponsive behavior.

Generated by OpenCVE AI on April 2, 2026 at 22:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C520ws V2
Vendors & Products Tp-link
Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.
Title Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Tp-link Tapo C520ws V2
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-02T17:58:08.441Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34120

cve-icon Vulnrichment

Updated: 2026-04-02T17:58:05.302Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T18:16:28.827

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-34120

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:18:03Z

Weaknesses