CVE-2026-1871

EUVD-2026-33978

02.06.2026, 17:16

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.

Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition.  This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://www.tp-link.com/en/support/download/tapo-c200/v5/#Firmware-Release-Notes

https://www.tp-link.com/kr/support/download/tapo-c200/#Firmware-Release-Notes

https://www.tp-link.com/us/support/download/tapo-c200/v5/#Firmware-Release-Notes

https://www.tp-link.com/us/support/faq/5113/