TROYANOSYVIRUS

CVE-2026-0918

HIGH
7.5

Description

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.

CVE Details

CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 1/27/2026
Last Modified: 3/16/2026
Source: nvd
Honeypot Sightings: 0

Affected Products

tp-link:tapo_c220
tp-link:tapo_c220_firmware
tp-link:tapo_c520ws
tp-link:tapo_c520ws_firmware

Weaknesses (CWE)

CWE-476

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.