CVE-2026-1871
EUVD-2026-3397802.06.2026, 17:16
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tp-link | tapo_c200_firmware | 1.0.5:build_240327 |
| tp-link | tapo_c200_firmware | 1.0.12:build_240527 |
| tp-link | tapo_c200_firmware | 1.0.13:build_240619 |
| tp-link | tapo_c200_firmware | 1.0.17:build_240806 |
| tp-link | tapo_c200_firmware | 1.1.4:build_241219 |
| tp-link | tapo_c200_firmware | 1.1.8:build_250310 |
| tp-link | tapo_c200_firmware | 1.2.3:build_250610 |
| tp-link | tapo_c200_firmware | 1.3.1:build_250910 |
| tp-link | tapo_c200_firmware | 1.3.3:build_251119 |
| tp-link | tapo_c200_firmware | 1.3.5:build_260228 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration