CVE-2026-34122
Stack-Based Buffer Overflow in TP-Link Tapo C520WS Causes DoS
Publication date: 2026-04-02
Last updated on: 2026-04-06
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tapo_c520ws_firmware | to 1.2.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in the TP-Link Tapo C520WS version 2.6. It occurs in a configuration handling component due to insufficient input validation. An attacker can exploit it by providing an excessively long value for a vulnerable configuration parameter, which causes a stack overflow.
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to a Denial-of-Service (DoS) condition. This means the affected device may crash or reboot unexpectedly, resulting in loss of availability of the device or its services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a Denial-of-Service (DoS) condition by crashing or rebooting the device, which impacts availability.
Since availability is a key component of many compliance standards such as GDPR and HIPAA, this vulnerability could negatively affect compliance by disrupting service availability.
However, there is no specific information provided about direct impacts on data confidentiality or integrity, or explicit references to compliance requirements.