Volerion logoVolerion
Volerion logoVolerion

TP-Link Tapo C220 and C520WS Unauthenticated Denial-of-Service Vulnerability via Firmware Update Endpoint

Vulnerability

A denial-of-service vulnerability has been identified in the TP-Link Tapo C220 v1 and Tapo C520WS v2 cameras. By sending crafted files to the firmware update endpoint, an unauthenticated attacker can disrupt core system services before authentication or firmware integrity is verified. This exploitation leads to a persistent denial-of-service condition, requiring a manual reboot or an application-initiated restart to restore normal functionality.

Impact

Exploitation of this vulnerability causes a persistent denial-of-service condition, disrupting core system services and requiring a manual reboot or application-initiated restart to restore normal operation.

Remediation

Users are advised to update to the latest firmware version. The updated firmware for the Tapo C220 v1 is available on the TP-Link website. For the Tapo C520WS v2, the latest firmware can also be downloaded from the TP-Link website.

Added: Jan 27, 2026, 6:25 PM
Updated: Jan 27, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm
spread
6.8
impact
2.5
exploitability
4.5
remediation
7.7
relevance
2.4
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.