Denial of Service Vulnerability in Tapo C200 V3 by TP-Link
CVE-2025-14299

7.1HIGH

Key Information:

Vendor: Tp-link Systems Inc.
Status: Tapo C200 V3
Vendor: CVE Published:; 20 December 2025

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2025-14299?

The Tapo C200 V3 experiences a vulnerability in its HTTPS server due to improper validation of the Content-Length header. This weakness allows an unauthenticated attacker on the same local network segment to craft malicious HTTPS requests. When executed, these requests can cause excessive memory allocation, leading to a device crash and resulting in denial-of-service instability.

Affected Version(s)

Tapo C200 V3 0

References

https://www.tp-link.com/us/support/download/tapo-c200/v3/...

https://www.tp-link.com/us/support/faq/4849/

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 20, 2025
Vulnerability Reserved
Dec 8, 2025

Credit

Simone Margaritelli (evilsocket)

JSON