CVE-2025-8065
EUVD-2025-204621
20.12.2025, 01:16
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tp-link | tapo_c200_firmware | 1.3.3:build_230228 |
| tp-link | tapo_c200_firmware | 1.3.4:build_230424 |
| tp-link | tapo_c200_firmware | 1.3.5:build_230717 |
| tp-link | tapo_c200_firmware | 1.3.7:build_230920 |
| tp-link | tapo_c200_firmware | 1.3.9:build_231019 |
| tp-link | tapo_c200_firmware | 1.3.11:build_231115 |
| tp-link | tapo_c200_firmware | 1.3.13:build_240327 |
| tp-link | tapo_c200_firmware | 1.3.14:build_240513 |
| tp-link | tapo_c200_firmware | 1.3.15:build_240715 |
| tp-link | tapo_c200_firmware | 1.4.1:build_241212 |
| tp-link | tapo_c200_firmware | 1.4.2:build_250313 |
| tp-link | tapo_c200_firmware | 1.4.4:build_250922 |
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource Consumption: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'): The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.