TP-Link Tapo C200 Buffer Overflow Vulnerability in ONVIF XML Parser Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the ONVIF XML parser of the TP-Link Tapo C200 V3 camera. An unauthenticated attacker on the same local network segment can trigger it by sending specially crafted SOAP XML requests. Exploitation causes a memory overflow, leading to a device crash and a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the device to crash, creating a denial-of-service condition.

Remediation

Users are advised to check for updates in the Tapo mobile application to address this vulnerability. The latest firmware version can be downloaded from the TP-Link Tapo C200 V3 support page.

Added: Dec 20, 2025, 1:17 AM
Updated: Dec 20, 2025, 1:17 AM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.