VYPR

Tapo C200

by TP-Link

CVEs (8)

  • CVE-2021-4045CriMar 10, 2022
    risk 0.73cvss 9.8epss 0.72

    TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

  • CVE-2025-14300HigDec 20, 2025
    risk 0.53cvss 8.1epss 0.00

    The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service…

  • CVE-2026-1871MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core…

  • CVE-2025-14299MedDec 20, 2025
    risk 0.42cvss 6.5epss 0.00

    The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device…

  • CVE-2023-38906MedAug 22, 2023
    risk 0.42cvss 6.5epss 0.00

    An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.

  • CVE-2022-41505MedJan 23, 2023
    risk 0.42cvss 6.4epss 0.00

    An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.

  • CVE-2023-27126MedJun 6, 2023
    risk 0.30cvss 4.6epss 0.00

    The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account…

  • CVE-2026-12760Jun 24, 2026
    risk 0.00cvss epss 0.00

    A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading…

VYPR — Vulnerability Intelligence