TP-Link Tapo C220 and C520WS Denial-of-Service Vulnerability via Oversized URL in HTTP Parser

Vulnerability

A denial-of-service vulnerability has been identified in TP-Link Tapo C220 v1 and C520WS v2 cameras. The issue arises in the HTTP parser, which improperly handles requests with excessively long URL paths. This leads to a crash and an automatic restart of the camera service. An unauthenticated attacker can exploit this vulnerability to cause repeated service disruptions, forcing the camera to reboot and become temporarily unavailable.
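The advisory does not publish the affected parser, so the following is an added example and not TP-Link's code: one way a request-line parser can bound the URL path and answer 414 rather than process an oversized target. The function name `parse_request_line`, the status enum and the `MAX_PATH_LEN` limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 256  /* assumed limit, not a value from the firmware */

enum parse_status { PARSE_OK = 200, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/* Parse "METHOD SP PATH SP VERSION". The path length is checked against both
 * the policy limit and the caller's buffer before a single byte is copied. */
enum parse_status parse_request_line(const char *line, size_t len,
                                     char *out, size_t out_cap)
{
    const char *end = line + len;
    const char *sp1 = memchr(line, ' ', len);
    if (sp1 == NULL || sp1 == line)
        return PARSE_BAD_REQUEST;          /* no method token */

    const char *path = sp1 + 1;
    size_t rest = (size_t)(end - path);
    const char *sp2 = memchr(path, ' ', rest);
    if (sp2 == NULL)                       /* unterminated request target */
        return rest > MAX_PATH_LEN ? PARSE_URI_TOO_LONG : PARSE_BAD_REQUEST;

    size_t path_len = (size_t)(sp2 - path);
    if (path_len == 0 || path[0] != '/')
        return PARSE_BAD_REQUEST;
    if (path_len > MAX_PATH_LEN || path_len >= out_cap)
        return PARSE_URI_TOO_LONG;         /* reject instead of truncating or overrunning */

    memcpy(out, path, path_len);
    out[path_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char out[MAX_PATH_LEN + 1];
    char big[5 + 4096 + 10];               /* constructed oversized request line */
    memcpy(big, "GET /", 5);
    memset(big + 5, 'a', 4096);
    memcpy(big + 5 + 4096, " HTTP/1.1", 10);

    const char ok[] = "GET /stream HTTP/1.1"; /* constructed normal request */
    printf("%d\n", parse_request_line(ok, strlen(ok), out, sizeof out));
    printf("%d\n", parse_request_line(big, strlen(big), out, sizeof out));
    return 0;
}
```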

Impact

Exploitation of this vulnerability causes the camera service to crash, followed by an automatic restart. Repeated exploitation can keep the service unavailable for an extended period.

Remediation

Users are advised to update to the latest firmware version. The updated firmware for the Tapo C220 v1 can be downloaded from the TP-Link website. For the Tapo C520WS v2, the latest firmware is also available on the TP-Link website.

Added: Jan 27, 2026, 6:33 PM
Updated: Jan 27, 2026, 6:33 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.