Unrated severityNVD Advisory· Published Jan 27, 2026· Updated Jan 27, 2026

Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

CVE-2026-1315

Description

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.

Affected products

Tp Link Systems Inc./Tapo C520ws V2v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tp-link.com/en/support/download/tapo-c220/v1/mitrepatch
www.tp-link.com/en/support/download/tapo-c520ws/v2/mitrepatch
www.tp-link.com/us/support/download/tapo-c220/v1.60/mitrepatch
www.tp-link.com/us/support/download/tapo-c520ws/v2/mitrepatch
www.tp-link.com/us/support/faq/4923/mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000