Description
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an authentication-exempt action to a request containing privileged DS do actions, bypassing authorization checks.

Successful exploitation allows unauthenticated execution of restricted configuration actions, which may result in unauthorized modification of device state.
Published: 2026-04-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized configuration modification
Action: Update Firmware
AI Analysis

Impact

An authentication bypass flaw in the DS configuration service of TP‑Link Tapo C520WS v2.6 allows an unauthenticated attacker to inject privileged actions into a JSON request, causing the device to perform restricted configuration changes without proper authorization. This vulnerability is a fault in request parsing and authorization logic, classified as CWE-287. The consequence is that an attacker can alter device settings or operate the device in unauthorized modes, potentially disrupting network services or compromising sensitive data stored on the device.

Affected Systems

The affected system is the TP‑Link Tapo C520WS model v2.6, released by TP‑Link Systems Inc. No other vendors or product variants are listed as impacted in the available data.

Risk and Exploitability

The flaw carries a high CVSS score of 8.7, indicating significant impact if exploited. EPSS data is unavailable, but the weakness is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting that publicly known exploits may not yet exist. The attack vector is inferred to be through the device’s local network interface, as the vulnerability requires sending a specially crafted HTTP request to the DS configuration service. Successful exploitation would not require prior authentication and would enable an attacker to modify device configuration settings.

Generated by OpenCVE AI on April 2, 2026 at 22:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from TP‑Link that includes a fix for the authentication bypass defect
  • Restrict network access to the device to trusted devices only, for example by configuring firewall rules or router ACLs
  • If the device is exposed to the internet, disable remote management or block external access to the relevant ports
  • Regularly monitor device logs for anomalous configuration changes and investigate any unauthorized activity

Generated by OpenCVE AI on April 2, 2026 at 22:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tapo C520ws V2
Vendors & Products Tp-link
Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an authentication-exempt action to a request containing privileged DS do actions, bypassing authorization checks. Successful exploitation allows unauthenticated execution of restricted configuration actions, which may result in unauthorized modification of device state.
Title Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS
Weaknesses CWE-287
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Tp-link Tapo C520ws V2
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-02T17:58:52.376Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34121

cve-icon Vulnrichment

Updated: 2026-04-02T17:58:47.830Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T18:16:28.990

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-34121

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:18:02Z

Weaknesses