← Voltar para CVEs
CVE-2026-0919
HIGH7.5
Descricao
The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/27/2026
Ultima modificacao3/11/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
tp-link:tapo_c220tp-link:tapo_c220_firmwaretp-link:tapo_c520wstp-link:tapo_c520ws_firmware
Fraquezas (CWE)
CWE-20
Referencias
https://www.tp-link.com/en/support/download/tapo-c220/v1/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/tapo-c520ws/v2/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/download/tapo-c220/v1.60/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/download/tapo-c520ws/v2/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4923/(f23511db-6c3e-4e32-a477-6aa17d310630)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.