Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-6242

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:50 p.m.9 views

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.4AI score0.00151EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/27 5:52 p.m.3 views

CVE-2026-0919

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can...

7.5CVSS5.4AI score0.00534EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/01/27 5:52 p.m.4 views

CVE-2026-0918

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can...

7.1CVSS5.9AI score0.00682EPSS
Exploits0References7
EUVD
EUVD
added 2026/01/27 5:52 p.m.7 views

EUVD-2026-4792

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can...

7.1CVSS5.9AI score0.00682EPSS
Exploits0References5
Rows per page
Query Builder