VYPR
Vendor

Tapo

Products
4
CVEs
8
Across products
8
Status
Private

Products

4

Recent CVEs

8
  • CVE-2023-38293HigApr 22, 2024
    risk 0.48cvss 7.3epss 0.01

    Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context…

  • CVE-2026-34123HigJun 6, 2026
    risk 0.46cvss epss 0.00

    On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method…

  • CVE-2025-1099HigFeb 10, 2025
    risk 0.46cvss epss 0.00

    This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data…

  • CVE-2026-6242MedJun 6, 2026
    risk 0.44cvss epss 0.00

    An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or…

  • CVE-2026-6241MedJun 6, 2026
    risk 0.44cvss epss 0.00

    An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to…

  • CVE-2026-6240MedJun 6, 2026
    risk 0.44cvss epss 0.00

    A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive…

  • CVE-2026-6239MedJun 6, 2026
    risk 0.44cvss epss 0.00

    A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request…

  • CVE-2025-14299Dec 20, 2025
    risk 0.00cvss epss 0.00

    The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device…