CVE-2026-34121
Authentication Bypass in TP-Link Tapo C520WS DS Configuration Service
Publication date: 2026-04-02
Last updated on: 2026-04-06
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tapo_c520ws_firmware | to 1.2.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass issue in the HTTP handling of the DS configuration service in TP-Link Tapo C520WS version 2.6. It occurs because of inconsistent parsing and authorization logic in JSON requests during the authentication check.
An unauthenticated attacker can exploit this by appending an authentication-exempt action to a request that contains privileged DS do actions, effectively bypassing the authorization checks.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability allows an unauthenticated attacker to execute restricted configuration actions on the device.
This may result in unauthorized modification of the device state, potentially compromising the device's security and functionality.