TP-Link Tapo C520WS Denial-of-Service Vulnerability via HTTP Request Path Parsing

Vulnerability

A denial-of-service vulnerability exists in the TP-Link Tapo C520WS camera, version 2.6, due to improper handling of HTTP request paths. The vulnerability arises because the device enforces length limits on raw request paths but fails to consider path expansion during normalization. An attacker on the same network can exploit this by sending a crafted HTTP request that causes a buffer overflow and memory corruption, leading to a system crash or device reboot.
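An added example (not TP-Link's code and not part of the original advisory) of the defensive pattern this description implies: check the size of the normalized path on every write, instead of relying on a length check of the raw path. The expansion rule, buffer sizes and function names are assumptions made for illustration; the advisory does not say how the firmware's normalization expands paths.

```c
#include <stdio.h>
#include <string.h>

#define RAW_PATH_MAX  64  /* constructed limit on the raw request path */
#define NORM_BUF_SIZE 64  /* constructed size of the normalized-path buffer */

/* Constructed expansion rule: any byte outside [A-Za-z0-9/._-] becomes %XX. */
static int is_plain(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') ||
           c == '/' || c == '.' || c == '_' || c == '-';
}

/* Returns 0 on success, -1 if the raw path or its normalized form is too long. */
int normalize_path(const char *raw, char *out, size_t cap) {
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (cap == 0 || strlen(raw) >= RAW_PATH_MAX)
        return -1;               /* raw-length check: necessary, not sufficient */
    for (; *raw; raw++) {
        unsigned char c = (unsigned char)*raw;
        size_t need = is_plain(c) ? 1 : 3;
        if (need > cap - 1 - o)  /* check the expanded size, keep room for NUL */
            return -1;
        if (need == 1) {
            out[o++] = (char)c;
        } else {
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void) {
    char out[NORM_BUF_SIZE];
    char spaces[41];
    memset(spaces, ' ', 40);     /* constructed input: 40 bytes raw, 120 expanded */
    spaces[40] = '\0';
    printf("%d\n", normalize_path("/stream/a b", out, sizeof out));
    printf("%d\n", normalize_path(spaces, out, sizeof out));
    return 0;
}
```

The second call passes the raw-length limit but is rejected because its normalized form would not fit the output buffer.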

Impact

Exploitation of this vulnerability causes a buffer overflow and memory corruption, disrupting system operations or causing the device to reboot.

Remediation

Users are advised to update to the latest firmware version. The updated firmware can be downloaded from the TP-Link website, either from the US or the international page.

Added: Apr 2, 2026, 9:03 PM
Updated: Apr 2, 2026, 9:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 4.9
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.