TP-Link Tapo C200 V3 Improper Content-Length Validation Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Tapo C200 V3 camera model. The HTTPS server on this device does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can exploit the flaw by sending crafted HTTPS requests. These requests can trigger excessive memory allocation, causing the device to crash and become unresponsive.
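
An added illustration of this bug class, not TP-Link firmware code or code from this advisory: a strict Content-Length parser in C that rejects signs, non-digits, wrap-around and oversized values before any buffer is sized. The MAX_BODY limit and the function names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy: largest request body this server will buffer. */
#define MAX_BODY ((size_t)64 * 1024)

/* Weak pattern (bug class only, not the firmware's code):
 *     int len = atoi(value);          // accepts "-1", wraps on huge input
 *     char *buf = malloc(len + 1);    // negative len becomes a huge size_t
 */

/* Strictly parse a Content-Length value: ASCII digits only, no sign,
 * no overflow, and no larger than max_body. Returns 0 on success. */
int parse_content_length(const char *value, size_t max_body, size_t *out)
{
    size_t n = 0;
    if (value == NULL || out == NULL || *value == '\0')
        return -1;
    for (const char *p = value; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return -1;                      /* rejects '-', '+', spaces, hex */
        size_t digit = (size_t)(*p - '0');
        if (n > (SIZE_MAX - digit) / 10)
            return -1;                      /* n * 10 + digit would wrap */
        n = n * 10 + digit;
        if (n > max_body)
            return -1;                      /* over policy limit: stop early */
    }
    *out = n;
    return 0;
}

/* Allocate a NUL-terminated body buffer only after validation. */
char *alloc_body(const char *header_value, size_t *len_out)
{
    size_t len;
    if (parse_content_length(header_value, MAX_BODY, &len) != 0)
        return NULL;                        /* caller answers 400 or 413 */
    *len_out = len;
    return calloc(len + 1, 1);              /* len <= MAX_BODY, +1 cannot wrap */
}
```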

Impact

Exploitation of this vulnerability causes the device to crash, leading to a denial-of-service condition where the camera becomes unresponsive.

Remediation

Users are advised to check for updates in the Tapo mobile application to address this vulnerability. The latest firmware version can be downloaded from the TP-Link website.

Added: Dec 20, 2025, 1:18 AM
Updated: Dec 20, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.