VYPR
Medium severity6.5NVD Advisory· Published Jun 2, 2026· Updated Jun 4, 2026

CVE-2026-1871

CVE-2026-1871

Description

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.

Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.12:build_240527:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.12:build_240527:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.13:build_240619:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.17:build_240806:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.5:build_240327:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.4:build_241219:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.8:build_250310:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.3:build_250610:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.1:build_250910:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.3:build_251119:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.5:build_260228:*:*:*:*:*:*
  • Range: v5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.