Medium severity6.5NVD Advisory· Published Jun 2, 2026· Updated Jun 4, 2026
CVE-2026-1871
CVE-2026-1871
Description
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.
Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.12:build_240527:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.12:build_240527:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.13:build_240619:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.17:build_240806:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.5:build_240327:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.4:build_241219:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.8:build_250310:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.3:build_250610:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.1:build_250910:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.3:build_251119:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.5:build_260228:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- www.tp-link.com/us/support/faq/5113/nvdVendor Advisory
- www.tp-link.com/en/support/download/tapo-c200/v5/nvdRelease Notes
- www.tp-link.com/kr/support/download/tapo-c200/nvdRelease Notes
- www.tp-link.com/us/support/download/tapo-c200/v5/nvdRelease Notes
News mentions
0No linked articles in our index yet.