CVE-2026-6242
Deferred Deferred - Pending Action

Authenticated Format String Vulnerability in Tapo C520WS v2

Vulnerability report for CVE-2026-6242, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-06

Last updated on: 2026-06-08

Assigner: TPLink

Description

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation path to disrupt normal service execution. Successful exploitation may cause the event notification service to terminate unexpectedly, resulting in the loss of real-time alarm functionality and disruption of event notifications.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-06
Last Modified
2026-06-08
Generated
2026-07-17
AI Q&A
2026-06-06
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tapo c520ws 2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-134 The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an authenticated format string issue in the ONVIF Subscribe service of the Tapo C520WS v2 device. It occurs because the service improperly handles externally supplied parameters within formatting functions. An attacker who is authenticated can inject specially crafted format strings into event subscription requests or during notification generation.

This injection can disrupt the normal execution of the service, potentially causing it to terminate unexpectedly.

Impact Analysis

Exploiting this vulnerability can cause the event notification service on the device to stop working unexpectedly. This results in the loss of real-time alarm functionality and disruption of event notifications, which could impact monitoring and security operations relying on timely alerts.

Mitigation Strategies

To mitigate the authenticated format string vulnerability in the ONVIF Subscribe service of the Tapo C520WS v2, immediate steps include ensuring that the device firmware is updated to the latest version provided by the vendor.

Although the provided resources do not specify a direct fix for CVE-2026-6242, it is generally recommended to check for firmware updates from TP-Link that address security issues and apply them promptly.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6242. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart