CVE-2026-6241
Deferred Deferred - Pending Action
Authenticated Format String Vulnerability in Tapo C520WS v2

Publication date: 2026-06-06

Last updated on: 2026-06-08

Assigner: TPLink

Description
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory handling behavior. Successful exploitation may cause the ONVIF management service to crash, resulting in DoS condition that impacts normal device operation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-06
Last Modified
2026-06-08
Generated
2026-06-27
AI Q&A
2026-06-06
EPSS Evaluated
2026-06-25
NVD
CVE-2026-6241
EUVD
EUVD-2026-34936
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tapo c520ws 2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-134 The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability is an authenticated format string issue in the ONVIF AddScopes feature of the Tapo C520WS v2 camera. Since exploitation can cause the ONVIF management service to crash and result in a denial of service, immediate mitigation should focus on preventing exploitation.

No direct mitigation steps or firmware updates are provided in the available resources for CVE-2026-6241. Therefore, general best practices include restricting access to the device's ONVIF management interface to trusted users only, monitoring for unusual crashes or service disruptions, and applying any future firmware updates from the vendor that address this vulnerability.

Executive Summary

This vulnerability is an authenticated format string issue found in the ONVIF AddScopes feature of the Tapo C520WS v2 device. It occurs because user-controlled input is passed to formatting functions without proper sanitization, allowing an attacker to inject format specifiers into ONVIF scope parameters.

By exploiting this, an attacker can manipulate how memory is handled during the formatting process.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

Successful exploitation of this vulnerability can cause the ONVIF management service on the device to crash.

This crash results in a denial-of-service (DoS) condition, which disrupts normal device operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6241. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart