Authenticated Format String Vulnerability in Tapo C110 by TP-Link
CVE-2026-6250

7HIGH

Key Information:

Vendor
CVE Published:
11 June 2026

What is CVE-2026-6250?

An authenticated format string vulnerability exists within the ONVIF service of the Tapo C110 v2 due to inadequate management of user-controlled inputs. This flaw allows externally controlled data to be misinterpreted as a format string, potentially leading to manipulation of stack memory and unauthorized alterations of control flow, including vital data like return addresses. An attacker with authenticated access may exploit this vulnerability to redirect the execution flow to internal functions, which could trigger unauthorized factory resets, resulting in configuration loss, deletion of stored credentials, and significant service disruptions.

Affected Version(s)

Tapo C110 v2 0 < 1.5.4 Build 260428

References

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Juhyeop Lee(@juhye0p) of STEALIEN
.