VYPR

Tapo C200 Firmware

by TP-Link

CVEs (3)

  • CVE-2025-14300HigDec 20, 2025
    risk 0.53cvss 8.1epss 0.00

    The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service…

  • CVE-2026-1871MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core…

  • CVE-2025-8065MedDec 20, 2025
    risk 0.42cvss 6.5epss 0.00

    A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a…