← Retour aux CVEs
CVE-2026-0652
HIGH8.8
Description
On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie2/10/2026
Derniere modification2/13/2026
Sourcenvd
Observations honeypot0
Produits affectes
tp-link:tapo_c260tp-link:tapo_c260_firmware
Faiblesses (CWE)
CWE-78
References
https://www.tp-link.com/en/support/download/tapo-c260/v1/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/download/tapo-c260/v1/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4960/(f23511db-6c3e-4e32-a477-6aa17d310630)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.