CVE-2026-6250

EUVD-2026-36326

11.06.2026, 22:16

An
authenticated format string vulnerability exists in the ONVIF service of Tapo
C110 v2 due to improper handling of user-controlled input.  Externally controlled data is interpreted as
a format string, which can be used to manipulate stack memory, including
control flow data such as return addresses.





A remote
authenticated attacker may redirect execution flow to existing internal
functions, triggering an unauthorized factory reset, leading to loss of
configuration, deletion of stored credentials and service disruption.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

https://www.tp-link.com/en/support/download/tapo-c110/v2/#Firmware-Release-Notes

https://www.tp-link.com/kr/support/download/tapo-c110/v2/#Firmware-Release-Notes

https://www.tp-link.com/us/support/download/tapo-c110/v2/#Firmware-Release-Notes

https://www.tp-link.com/us/support/faq/5128/