CVE-2025-14299
EUVD-2025-204620
20.12.2025, 01:16
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).
Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tp-link | tapo_c200_firmware | 1.3.3:build_230228 |
| tp-link | tapo_c200_firmware | 1.3.4:build_230424 |
| tp-link | tapo_c200_firmware | 1.3.5:build_230717 |
| tp-link | tapo_c200_firmware | 1.3.7:build_230920 |
| tp-link | tapo_c200_firmware | 1.3.9:build_231019 |
| tp-link | tapo_c200_firmware | 1.3.11:build_231115 |
| tp-link | tapo_c200_firmware | 1.3.13:build_240327 |
| tp-link | tapo_c200_firmware | 1.3.14:build_240513 |
| tp-link | tapo_c200_firmware | 1.3.15:build_240715 |
| tp-link | tapo_c200_firmware | 1.4.1:build_241212 |
| tp-link | tapo_c200_firmware | 1.4.2:build_250313 |
| tp-link | tapo_c200_firmware | 1.4.4:build_250922 |
Common Weakness Enumeration
- CWE-770 - Allocation of Resources Without Limits or Throttling: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
- CWE-190 - Integer Overflow or Wraparound: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
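
A defensive sketch of the two weaknesses listed above, added here as an example and not taken from the TP-Link firmware, whose code this entry does not show: a Content-Length parser that rejects wraparound (CWE-190) and enforces an allocation ceiling (CWE-770). The function names and the `MAX_BODY_BYTES` limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limit for a request body; not a value from the advisory. */
#define MAX_BODY_BYTES 65536u

/* Weak pattern (generic illustration, not the firmware's code):
 *     int len = atoi(value); char *buf = malloc(len + 1);
 * A negative or oversized value is accepted unchecked, so the size passed
 * to malloc can wrap around or be enormous. */

/* Strictly parse a Content-Length value: decimal digits only, bounded.
 * Returns 0 and stores the length in *out, or -1 if the request must be rejected. */
int parse_content_length(const char *value, size_t *out)
{
    if (value == NULL || out == NULL)
        return -1;
    size_t digits = strlen(value);
    if (digits == 0 || digits > 10)          /* 10 digits cannot overflow 64 bits */
        return -1;
    unsigned long long acc = 0;
    for (size_t i = 0; i < digits; i++) {
        if (value[i] < '0' || value[i] > '9') /* no sign, whitespace or hex */
            return -1;
        acc = acc * 10 + (unsigned)(value[i] - '0');
    }
    if (acc > MAX_BODY_BYTES)                /* CWE-770: enforce a ceiling */
        return -1;
    *out = (size_t)acc;
    return 0;
}

/* Allocate the body buffer only after validation; *len + 1 cannot wrap
 * because *len <= MAX_BODY_BYTES. The caller frees the result. */
char *alloc_body(const char *value, size_t *len)
{
    if (parse_content_length(value, len) != 0)
        return NULL;                         /* caller answers 400 or 413 */
    return calloc(*len + 1, 1);
}

int main(void)
{
    const char *samples[] = { "1024", "-1", "4294967295", "65537", "12abc" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        printf("%s -> %d\n", samples[i], parse_content_length(samples[i], &n));
    }
    return 0;
}
```

Rejecting the request before any allocation happens is what keeps a single unauthenticated request from exhausting memory on a small embedded device.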