CVE-2026-34124
Buffer Overflow in TP-Link Tapo C520WS Causes DoS
Publication date: 2026-04-02
Last updated on: 2026-04-06
Assigner: TPLink
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tapo_c520ws_firmware | up to 1.2.4 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service issue found in the TP-Link Tapo C520WS device, version 2.6. It occurs in the HTTP request path parsing logic: the device enforces a length restriction on the raw request path but does not account for the path expansion that happens during normalization. An attacker on the same network can send a specially crafted HTTP request that causes a buffer overflow and memory corruption.
As a result, this can lead to system interruption or cause the device to reboot unexpectedly.
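The flaw class described above, as an added example that is not TP-Link's firmware code: a length gate applied only to the raw path, next to a normalizer that checks every write against the output buffer. The expansion rule (bytes outside a plain set become `%XX`), the 32-byte `PATH_CAP`, and all function names are assumptions made for the illustration; the page does not say which normalization the device performs.

```c
#include <stdio.h>
#include <string.h>

#define PATH_CAP 32  /* assumed output buffer size for this demo */

/* Flawed gate: bounds only the raw path, so it says nothing about
 * how long the path becomes after normalization. */
int raw_length_ok(const char *raw) {
    return strlen(raw) < PATH_CAP;
}

static int is_plain(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '/' || c == '.' || c == '-' || c == '_';
}

/* Hypothetical expanding normalization: a byte outside the plain set is
 * written as "%XX" (1 byte in, 3 bytes out). Each write is checked against
 * the space left in out, so expansion cannot run past out_cap.
 * Returns the normalized length, or -1 if the result does not fit. */
int normalize_path_bounded(const char *raw, char *out, size_t out_cap) {
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (out_cap == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)raw; *p; p++) {
        size_t need = is_plain(*p) ? 1 : 3;
        if (need > out_cap - 1 - o) { out[0] = '\0'; return -1; }
        if (need == 1) {
            out[o++] = (char)*p;
        } else {
            out[o++] = '%';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0F];
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void) {
    char out[PATH_CAP];
    const char *raw = "/a b c d e f g h i j k l";  /* constructed input, 24 bytes */
    printf("raw gate: %d, bounded normalize: %d\n",
           raw_length_ok(raw), normalize_path_bounded(raw, out, sizeof out));
    return 0;
}
```

The constructed 24-byte path passes the raw-length gate but would need 46 bytes after expansion, so the bounded normalizer rejects it instead of writing past the buffer.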
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this denial-of-service vulnerability in TP-Link Tapo C520WS affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
The primary impact of this vulnerability is denial-of-service. An attacker on the adjacent network can exploit this flaw to trigger a buffer overflow and memory corruption on the device, which may interrupt its normal operation or force it to reboot.
This can result in loss of availability of the device, potentially disrupting any services or functions that depend on it.