Authenticated Format String Vulnerability in Tapo C520WS by TP-Link
CVE-2026-6241

6.8MEDIUM

What is CVE-2026-6241?

An authenticated format string vulnerability exists in the ONVIF AddScopes functionality of the Tapo C520WS v2. This vulnerability allows for unauthorized control over user input that is passed to formatting functions without proper sanitization. Attackers can exploit this flaw by injecting malicious format specifiers into ONVIF scope parameters, which can manipulate memory handling behaviors. As a result, this exploitation may lead to a crash of the ONVIF management service, causing a denial of service that interrupts the normal operation of the device.

Affected Version(s)

Tapo C520WS v2 0 < 1.2.6 Build 260528

References

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.