Stack-Based Buffer Overflow in Tapo C520WS by TP-Link
CVE-2026-6240
6.8MEDIUM
What is CVE-2026-6240?
A stack-based buffer overflow vulnerability has been identified in the Tapo C520WS v2 device, specifically within the ONVIF DeleteUsers service. This issue arises from inadequate boundary checks when processing requests to delete multiple user identifiers. An authenticated attacker can exploit this vulnerability by sending a meticulously crafted malicious request with an excessive number of identifiers, which may lead to stack memory overflow. The result of a successful attack could manifest as a service crash or deadlock, compromising the device's management and monitoring capabilities.
Affected Version(s)
Tapo C520WS v2 0 < 1.2.6 Build 260528
