VYPR

C200

by Tapo

CVEs (2)

  • CVE-2023-38293HigApr 22, 2024
    risk 0.48cvss 7.3epss 0.01

    Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context…

  • CVE-2025-14299Dec 20, 2025
    risk 0.00cvss epss 0.00

    The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device…