Description
A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow.

Successful exploitation results in a Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A stack-based buffer overflow has been identified in the configuration handling component of the TP-Link Tapo C520WS firmware version 2.6. The vulnerability arises because the firmware does not properly validate the length of a configuration parameter supplied by an operator. When an unusually long value is provided, the input overflows the stack, causing the device’s management service to crash or the device itself to reboot. The failure mode is an availability loss, with no direct compromise of data confidentiality or integrity. This weakness is categorized as CWE-121.

Affected Systems

The affected system is the TP-Link Tapo C520WS camera running firmware version 2.6. No other versions or models are listed as impacted in the CNA data.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1, indicating high severity, and an EPSS score of less than 1%, suggesting a low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. The likely attack vector is remote, via the device’s web or management interface, where an attacker can submit the oversized configuration value without needing local access. Successful exploitation results in service crashes or device restarts, causing downtime for any applications relying on continuous camera operation.

Generated by OpenCVE AI on April 7, 2026 at 01:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from TP-Link that addresses the stack-based buffer overflow vulnerability.
  • If a firmware update is not available, limit access to the device’s configuration interface by disabling remote management or segmenting the network.
  • Monitor the device for unexpected reboots or crashes which may indicate exploitation attempts.
  • If the device continues to be vulnerable, consider performing a factory reset and reconfiguring it with secure network settings.
  • Ensure that all management protocols are protected with appropriate authentication and are not exposed to untrusted networks.



Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link tapo C520ws; Tp-link tapo C520ws Firmware
CPEs | | cpe:2.3:h:tp-link:tapo_c520ws:2.6:*:*:*:*:*:*:*; cpe:2.3:o:tp-link:tapo_c520ws_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Tp-link tapo C520ws; Tp-link tapo C520ws Firmware
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 03 Apr 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link; Tp-link tapo C520ws V2
Vendors & Products | | Tp-link; Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in a Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability.
Title | | Stack-based Buffer Overflow Leading to Denial of Service in TP-Link Tapo C520WS
Weaknesses | | CWE-121
References | |
Metrics | | cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-02T17:59:32.667Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34122

Vulnrichment

Updated: 2026-04-02T17:59:29.666Z

NVD

Status: Analyzed

Published: 2026-04-02T18:16:29.150

Modified: 2026-04-06T20:23:49.380

Link: CVE-2026-34122

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T07:55:47Z
