Stack-Based Buffer Overflow in Tapo C520WS Device by TP-Link
CVE-2026-6239

6.8MEDIUM

What is CVE-2026-6239?

A buffer overflow vulnerability has been identified in the Tapo C520WS device, specifically within the ONVIF CreateUsers service. The flaw arises when the device inadequately validates the number of XML user nodes during incoming request processing. An authenticated attacker can exploit this vulnerability by sending a crafted ONVIF request with an excessive number of user entries, leading to memory corruption. Such exploitation can cause the ONVIF management service to terminate unexpectedly, resulting in a denial-of-service condition that disrupts the device's configuration and management capabilities.

Affected Version(s)

Tapo C520WS v2 0 < 1.2.6 Build 260528

References

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.