QSearchQSearch

CVE-2026-6240

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary check...

Published: 2026-06-06 · Last updated: 2026-06-08

Severity and scoring

CWE
CWE-121

Description

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers to overflow stack memory. Successful exploitation may result in a service crash or deadlock, leading to DoS affecting device management and monitoring functionality.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-10829 A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier
  • CVE-2026-7273 A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allo... (8.8 HIGH)
  • CVE-2025-55660 A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of... (5.5 MEDIUM)
  • CVE-2026-8356 LibreOffice can import presentations in the legacy binary PPT format
  • CVE-2026-12222 A vulnerability was determined in Yealink SIP-T46U 108.86.0.118 (8.0 HIGH)