CVE-2026-1871
Published: 2026-06-02 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-121
Affected products
| Vendor | Product |
|---|---|
| tp-link | tapo_c200_firmware |
Description
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-1871)
- [Other](https://www.tp-link.com/en/support/download/tapo-c200/v5/#Firmware-Release-Notes)
- [Other](https://www.tp-link.com/kr/support/download/tapo-c200/#Firmware-Release-Notes)
- [Other](https://www.tp-link.com/us/support/download/tapo-c200/v5/#Firmware-Release-Notes)
- [Vendor advisory](https://www.tp-link.com/us/support/faq/5113/)
Related CVEs
Same vendor
- CVE-2026-34127 — A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch d... (4.8 MEDIUM)
- CVE-2026-34126 — TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication du... (7.5 HIGH)
- CVE-2026-8697 — Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited aut... (8.8 HIGH)
- CVE-2026-5509 — An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execu... (7.2 HIGH)
- CVE-2026-3294 — An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to ma... (8.8 HIGH)
Same CWE
- CVE-2026-49760 — Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow
- CVE-2026-49759 — Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by...
- CVE-2026-26241 — A buffer overflow vulnerability has been reported to affect File Station 5
- CVE-2026-26240 — A buffer overflow vulnerability has been reported to affect File Station 5
- CVE-2026-26239 — A buffer overflow vulnerability has been reported to affect File Station 5