CVE-2026-12760
Received Received - Intake
Denial-of-Service in Tapo C200 v3 via IPv4 Fragmented Packets

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: TPLink

Description
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.Β  An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition,Β causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-12760
EUVD
EUVD-2026-39026
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tp-link tapo_c200 3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability causes a denial-of-service condition that leads to intermittent loss of video monitoring and recording on the Tapo C200 v3 camera.

Such disruption in video surveillance could impact compliance with standards and regulations like GDPR and HIPAA, which often require continuous monitoring and secure recording of video data to protect privacy and ensure data integrity.

If video feeds are interrupted or recordings are lost due to this vulnerability, organizations may fail to meet regulatory requirements for data availability and security.

Applying the recommended firmware updates mitigates this risk by restoring device stability and ensuring continuous monitoring.

Mitigation Strategies

To mitigate the CVE-2026-12760 vulnerability in the Tapo C200 v3 camera, users should immediately update their device firmware to the latest version provided by TP-Link.

  • Download and install the firmware update version 1.4.4 Build 250922 or later.
  • Ensure the device is connected to a secure network to reduce exposure to unauthenticated adjacent attackers.
  • After updating, monitor the device for any unusual behavior or instability.
Executive Summary

This vulnerability is a denial-of-service (DoS) issue found in the Tapo C200 v3 camera. It occurs because the device improperly handles IPv4 fragmented network packets. An attacker who is nearby and unauthenticated can send specially crafted packets that cause the device to consume excessive resources.

As a result, the device becomes unstable and unresponsive temporarily, leading to interruptions in video monitoring and recording.

Impact Analysis

Exploitation of this vulnerability can cause the Tapo C200 v3 camera to become temporarily unresponsive, resulting in a denial-of-service condition.

This means you may experience intermittent loss of video monitoring and recording, which could impact security surveillance and monitoring capabilities.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12760. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart