VYPR

Tapo C520ws Firmware

by TP-Link

CVEs (10)

  • CVE-2026-34121 · High · Apr 2, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append…

  • CVE-2026-0651 · High · Feb 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A path traversal vulnerability was identified in TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization…

  • CVE-2026-0919 · High · Jan 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An…

  • CVE-2026-0918 · High · Jan 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An…

  • CVE-2026-34124 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker…

  • CVE-2026-34122 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable…

  • CVE-2026-34120 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network…

  • CVE-2026-34119 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied…

  • CVE-2026-34118 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied…

  • CVE-2025-8065 · Medium · Dec 20, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a…