Authenticated Format String Vulnerability in Tapo C110 by TP-Link
CVE-2026-6250
7HIGH
What is CVE-2026-6250?
An authenticated format string vulnerability exists within the ONVIF service of the Tapo C110 v2 due to inadequate management of user-controlled inputs. This flaw allows externally controlled data to be misinterpreted as a format string, potentially leading to manipulation of stack memory and unauthorized alterations of control flow, including vital data like return addresses. An attacker with authenticated access may exploit this vulnerability to redirect the execution flow to internal functions, which could trigger unauthorized factory resets, resulting in configuration loss, deletion of stored credentials, and significant service disruptions.
Affected Version(s)
Tapo C110 v2 0 < 1.5.4 Build 260428
