Format String Vulnerability in Tapo C520WS by TP-Link
CVE-2026-6242
6.8MEDIUM
What is CVE-2026-6242?
An authenticated format string vulnerability in the Tapo C520WS v2's ONVIF Subscribe service arises from inadequate management of externally supplied parameters in formatting functions. Attackers can exploit this weakness by crafting format strings in event subscription requests, potentially leading to unexpected termination of the event notification service. This disruption can result in significant issues such as loss of real-time alarm functionalities and interruptions in event notifications.
Affected Version(s)
Tapo C520WS v2 0 < 1.2.6 Build 260528
