Buffer Overflow Vulnerability in TP-Link Tapo C200 Cameras
CVE-2026-1871

7.1HIGH

Key Information:

Vendor

Tp-link Systems Inc.

Status
Tapo C200 V5
Vendor
CVE Published:
2 June 2026

What is CVE-2026-1871?

The TP-Link Tapo C200 v5 is impacted by a stack-based buffer overflow vulnerability within its RTSP authentication handling. This issue arises from inadequate validation of the lengths of the Authorization header field, which can be exploited through a specially crafted authentication request. When successfully exploited, this vulnerability causes the RTSP core service process to crash, leading to an automatic system reboot and a denial of service (DoS) condition. As a result, legitimate users are prevented from accessing the camera’s live video stream or management interface until the service restarts, significantly disrupting normal operations.

Affected Version(s)

Tapo C200 v5 0 < 1.4.4 Build 260527 Rel.28339n

References

https://www.tp-link.com/us/support/download/tapo-c200/v5/...
patch
https://www.tp-link.com/en/support/download/tapo-c200/v5/...
patch
https://www.tp-link.com/kr/support/download/tapo-c200/#Fi...
patch

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sumin Kim (@Shine)
.