Primary

Context

TP-Link Tapo C520WS Heap-Based Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the TP-Link Tapo C520WS camera, specifically in version 2.6. This vulnerability arises from insufficient alignment and validation of buffer boundaries during the asynchronous parsing of local video stream content. An attacker on the same network segment could exploit this vulnerability by sending crafted payloads that cause memory corruption by writing beyond the allocated buffer limits. Successful exploitation leads to a Denial-of-Service condition, causing the device's process to crash or become unresponsive.

Impact

Exploitation of this vulnerability causes the device's process to crash or become unresponsive, creating a Denial-of-Service condition.

Remediation

Users are advised to update to the latest firmware version. The updated firmware can be downloaded from the TP-Link website.

Added: Apr 2, 2026, 7:03 PM

Updated: Apr 2, 2026, 7:03 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.9

remediation

0.0

relevance

5.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.9

remediation

0.0

relevance

5.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Tapo C520WS Heap-Based Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating