CVE-2026-6240
Deferred Deferred - Pending Action
Stack-Based Buffer Overflow in Tapo C520WS v2

Publication date: 2026-06-06

Last updated on: 2026-06-08

Assigner: TPLink

Description
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers to overflow stack memory. Successful exploitation may result in a service crash or deadlock, leading to DoS affecting device management and monitoring functionality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-06
Last Modified
2026-06-08
Generated
2026-06-27
AI Q&A
2026-06-06
EPSS Evaluated
2026-06-25
NVD
CVE-2026-6240
EUVD
EUVD-2026-34935
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tp-link tapo_c520ws 2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves a stack-based buffer overflow in the ONVIF DeleteUsers service of the Tapo C520WS v2 device, triggered by sending a crafted malicious request with an excessive number of user identifiers.

Detection would involve monitoring for unusual or excessive DeleteUsers requests to the ONVIF service, especially those containing a large number of user deletion parameters.

Since the vulnerability requires authenticated access, commands or scripts that analyze logs or network traffic for such suspicious requests could help detect exploitation attempts.

However, no specific detection commands or tools are provided in the available information.

Mitigation Strategies

The vulnerability can cause service crashes or deadlocks leading to denial of service on the device.

Immediate mitigation steps include restricting authenticated access to the ONVIF DeleteUsers service to trusted users only.

Monitoring and limiting the number of user deletion requests can reduce the risk of exploitation.

Since no firmware update or patch information is provided in the context or resources, it is recommended to check with the vendor for any available security updates addressing this issue.

Executive Summary

This vulnerability is a stack-based buffer overflow found in the Tapo C520WS v2 device within the ONVIF DeleteUsers service. It occurs because the service does not properly check the boundaries when processing multiple user deletion parameters. An attacker who is authenticated can send a specially crafted request with too many user identifiers, causing the stack memory to overflow.

Impact Analysis

If exploited successfully, this vulnerability can cause the device's service to crash or become unresponsive (deadlock), resulting in a denial of service (DoS). This impacts the device's management and monitoring functions, potentially disrupting normal operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6240. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart