TP-Link Tapo C260 Access Control Bypass Vulnerability

Vulnerability

An access control vulnerability has been identified in the TP-Link Tapo C260 v1 camera. An authenticated guest-level user can bypass access restrictions by sending crafted requests to a synchronization endpoint. Successful exploitation allows unauthorized modification of protected device settings, including changes to sensitive configuration parameters and manipulation of the device's state, but it does not result in full code execution.

Impact

Exploitation of this vulnerability allows unauthorized changes to device settings, which in turn allows manipulation of the device's state.

Remediation

Users are advised to update to the latest firmware version. The latest firmware can be downloaded from the TP-Link Tapo C260 v1 support page on the TP-Link website.

Added: Feb 10, 2026, 8:33 PM
Updated: Feb 11, 2026, 2:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.