Description
A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot.
Published: 2026-04-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A path‑expansion overflow occurs in the HTTP request parsing of the TP‑Link Tapo C520WS. The firmware enforces limits on the raw request path but fails to consider the expanded form after normalization. A deliberately crafted URL can cause a buffer overflow and corrupt memory, which then forces the device to reboot or become non‑responsive.

Affected Systems

The affected product is the TP‑Link Tapo C520WS running firmware version 2.6.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1, indicating high impact. EPSS information is not available, and the vulnerability is not listed in CISA’s KEV catalog. The attack requires only that the attacker can send HTTP requests to the device from the adjacent network; no remote access or privileged credentials are needed. A successful exploit causes a service interruption that lasts until the device is rebooted manually or reboots automatically, severely impairing availability.

Generated by OpenCVE AI on April 2, 2026 at 22:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware from TP‑Link’s support site to remove the overflow bug
  • If a firmware update is not immediately available, disable the HTTP service or restrict access to trusted IPs using network firewall rules
  • Continuously monitor device logs for anomalous request patterns and apply additional patching as soon as it is released

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 14:00:00 +0000

Type: Metrics (ssvc)
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 10:15:00 +0000

Type: First Time appeared
Values added: Tp-link; Tp-link tapo C520ws V2

Type: Vendors & Products
Values added: Tp-link; Tp-link tapo C520ws V2

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values added: A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot.

Type: Title
Values added: Denial of Service via Path Expansion Overflow in HTTP Service in TP-Link Tapo C520WS

Type: Weaknesses
Values added: CWE-120

Type: References
Values added: (none listed)

Type: Metrics (cvssV4_0)
Values added: {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-03T13:05:50.590Z

Reserved: 2026-03-25T18:54:03.343Z

Link: CVE-2026-34124

Vulnrichment

Updated: 2026-04-03T13:05:46.747Z

NVD

Status: Awaiting Analysis

Published: 2026-04-02T18:16:29.310

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-34124

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:17:23Z

Weaknesses