CVE-2026-6240
Description
A stack-based buffer overflow in the ONVIF DeleteUsers service of Tapo C520WS v2 allows authenticated attackers to cause a DoS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in the ONVIF DeleteUsers service of Tapo C520WS v2 allows authenticated attackers to cause a DoS.
Vulnerability
A stack-based buffer overflow vulnerability exists in the ONVIF DeleteUsers service of the Tapo C520WS v2. This is due to insufficient boundary checks when handling multiple user deletion parameters within a crafted malicious request containing an excessive number of identifiers.
Exploitation
An authenticated attacker can exploit this vulnerability by sending a specially crafted ONVIF request with an excessive number of user identifiers to the DeleteUsers service. This requires network access to the device and valid user credentials.
Impact
Successful exploitation may result in a service crash or deadlock, leading to a denial-of-service (DoS) condition. This impacts device management and monitoring functionality.
Mitigation
TP-Link has released firmware updates to address this vulnerability. Users are advised to update their devices to the latest firmware version. Specific fixed versions are not detailed in the provided references, but the advisory indicates that patches are available [3].
AI Insight generated on Jun 6, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3News mentions
0No linked articles in our index yet.