CVE-2026-1871
Stack-Based Buffer Overflow in TP-Link Tapo C200 v5 RTSP Authentication
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tapo_c200 | to 1.4.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-1871 vulnerability in the TP-Link Tapo C200 v5 camera, it is recommended to update the device firmware to the latest version.
Specifically, update to firmware version 1.4.4 Build 260527 Rel.28339n or later, as this version addresses the stack-based buffer overflow flaw in the RTSP authentication mechanism.
Failure to apply this update may leave the device vulnerable to denial of service attacks caused by crafted authentication requests.
Can you explain this vulnerability to me?
CVE-2026-1871 is a stack-based buffer overflow vulnerability in the RTSP authentication handling of the TP-Link Tapo C200 v5 camera. It occurs because the device improperly validates the length of the Authorization header field in authentication requests.
An attacker can exploit this flaw by sending a specially crafted authentication request, which causes the RTSP core service process to crash and triggers an automatic system reboot.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability results in a denial of service (DoS) condition. The affected RTSP core service crashes and the system automatically reboots.
During this downtime, legitimate users are prevented from accessing the cameraβs live video stream or management interface until the service restarts.