CVE-2026-6240
Stack-Based Buffer Overflow in Tapo C520WS v2
Publication date: 2026-06-06
Last updated on: 2026-06-06
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tapo_c520ws | 2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in the Tapo C520WS v2 device within the ONVIF DeleteUsers service. It occurs because the service does not properly check the boundaries when processing multiple user deletion parameters. An attacker who is authenticated can send a specially crafted request with too many user identifiers, causing the stack memory to overflow.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a stack-based buffer overflow in the ONVIF DeleteUsers service of the Tapo C520WS v2 device, triggered by sending a crafted malicious request with an excessive number of user identifiers.
Detection would involve monitoring for unusual or excessive DeleteUsers requests to the ONVIF service, especially those containing a large number of user deletion parameters.
Since the vulnerability requires authenticated access, commands or scripts that analyze logs or network traffic for such suspicious requests could help detect exploitation attempts.
However, no specific detection commands or tools are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability can cause service crashes or deadlocks leading to denial of service on the device.
Immediate mitigation steps include restricting authenticated access to the ONVIF DeleteUsers service to trusted users only.
Monitoring and limiting the number of user deletion requests can reduce the risk of exploitation.
Since no firmware update or patch information is provided in the context or resources, it is recommended to check with the vendor for any available security updates addressing this issue.
How can this vulnerability impact me? :
If exploited successfully, this vulnerability can cause the device's service to crash or become unresponsive (deadlock), resulting in a denial of service (DoS). This impacts the device's management and monitoring functions, potentially disrupting normal operations.