CVE-2025-8065
Buffer Overflow in Tapo C200 V3 ONVIF Parser Causes DoS
Publication date: 2025-12-20
Last updated on: 2026-04-03
Assigner: TPLink
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tapo | c200 | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
How can this vulnerability impact me?
An attacker on the same local network can crash the Tapo C200 V3 device by exploiting the buffer overflow, resulting in a denial of service. The device becomes unavailable or unresponsive, potentially disrupting surveillance or monitoring functions.
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the ONVIF XML parser of the Tapo C200 V3 device. An unauthenticated attacker on the same local network can send specially crafted SOAP XML requests that cause a memory overflow, crashing the device and resulting in a denial of service (DoS).