VYPR
Vypr Intelligence · AI-generated · Jun 6, 2026 · 4 CVEs

TP-Link Tapo C520WS v2: Four Vulnerabilities Disclosed, Including High-Severity DoS

TP-Link's Tapo C520WS v2 camera is affected by four vulnerabilities, including a high-severity denial-of-service flaw, disclosed on June 5-6, 2026.

Key findings

  • Four vulnerabilities disclosed for TP-Link Tapo C520WS v2 on June 5-6, 2026.
  • High-severity DoS vulnerability (CVE-2026-8714) affects the RTSP server.
  • Three medium-severity ONVIF vulnerabilities include format string bugs and a buffer overflow.
  • The vulnerabilities affect the ONVIF Subscribe, AddScopes and CreateUsers services and the RTSP component.
  • All disclosed flaws affect version 2 of the Tapo C520WS camera.

TP-Link's Tapo C520WS v2 security camera has been found to contain four distinct vulnerabilities, disclosed in rapid succession on June 5th and 6th, 2026. The batch includes a high-severity denial-of-service (DoS) vulnerability and three medium-severity flaws, primarily impacting the device's ONVIF service and RTSP component.

The most severe of these, CVE-2026-8714, is a denial-of-service vulnerability within the camera's Real-Time Streaming Protocol (RTSP) server. This flaw arises from the improper handling of syntactically invalid input. Attackers can send specially crafted, malformed data to the RTSP service, triggering an error that causes the service to become unresponsive, effectively disrupting video streaming capabilities. This vulnerability was disclosed on June 5th, 2026.

Three other medium-severity vulnerabilities were disclosed on June 6th, 2026, all related to the ONVIF service implementation in the Tapo C520WS v2. CVE-2026-6242 and CVE-2026-6241 both stem from format string vulnerabilities within the ONVIF Subscribe and AddScopes services, respectively. In both cases, improper handling of externally supplied parameters or user-controlled input within formatting functions allows an attacker to inject crafted format strings. This can lead to memory corruption or disruption of normal service operations.

Additionally, CVE-2026-6239, a stack-based buffer overflow vulnerability, exists in the ONVIF CreateUsers service. This issue occurs because the device fails to properly validate the number of XML user nodes within a request. An authenticated attacker could exploit this by sending a crafted ONVIF request with an excessive number of user entries, potentially leading to a buffer overflow and service instability.
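The two bug classes described above (externally supplied input used as a format string, and an unchecked entry count filling a fixed-size stack buffer) are shown here in their hardened form. This is an added illustration, not TP-Link firmware code and not part of the original article; `log_scope`, `create_users`, `MAX_USERS`, `NAME_LEN` and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USERS 8   /* assumed capacity of the fixed-size user table */
#define NAME_LEN  32  /* assumed maximum name length, including the NUL */

struct user { char name[NAME_LEN]; };

/* Format-string class: the externally supplied value is only ever an
 * argument to a constant format. The unsafe form passes it as the format:
 * snprintf(out, n, scope). Returns bytes written, or -1 on truncation. */
int log_scope(char *out, size_t n, const char *scope)
{
    int w = snprintf(out, n, "scope=%s", scope);
    return (w < 0 || (size_t)w >= n) ? -1 : w;
}

/* Stack-overflow class: the entry count is checked against the capacity of
 * the stack array before any copy, and every name is length-checked.
 * Nothing reaches `out` unless the whole request is valid. */
int create_users(const char *const names[], size_t count, struct user *out)
{
    struct user table[MAX_USERS] = {0};
    if (count == 0 || count > MAX_USERS)
        return -1;
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(names[i]);
        if (len == 0 || len >= NAME_LEN)
            return -1;
        memcpy(table[i].name, names[i], len + 1);
    }
    memcpy(out, table, count * sizeof table[0]);
    return (int)count;
}

/* Constructed sample input: nine entries, one more than MAX_USERS. */
static const char *const SAMPLE[] =
    { "u1", "u2", "u3", "u4", "u5", "u6", "u7", "u8", "u9" };
static struct user accepted[MAX_USERS];
static char line[64];

int main(void)
{
    printf("8 users -> %d\n", create_users(SAMPLE, 8, accepted));
    printf("9 users -> %d\n", create_users(SAMPLE, 9, accepted));
    printf("scope   -> %d\n", log_scope(line, sizeof line, "%n%x%s"));
    puts(line);
    return 0;
}
```

Rejecting the whole request when the count exceeds capacity, rather than silently truncating it, keeps the failure visible to the caller and to logs.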

All four vulnerabilities affect version 2 of the Tapo C520WS camera. While specific patch details were not immediately available at the time of disclosure, users are advised to monitor TP-Link's official support channels for firmware updates addressing these security weaknesses. The close timing of these disclosures suggests a coordinated discovery or reporting process, highlighting potential areas of concern for users of this popular smart camera.

Given the nature of these vulnerabilities, particularly the DoS flaw and the potential for memory manipulation via format string bugs and buffer overflows, prompt patching is recommended to mitigate risks of service disruption and potential further compromise. Users should ensure their devices are updated as soon as patches become available.

AI-written article. Grounded in 4 CVE records listed below.