CVE-2025-14299
MEDIUM
Tapo C200 V3 Firmware - Unauthenticated Denial of Service via HTTPS Content-Length Header Overflow
Title source: llm
Description
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).
References (2)
Core References
Vendor Advisory
https://www.tp-link.com/us/support/faq/4849/
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
12.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
CWE-770
Status
published
Products (12)
tp-link/tapo_c200_firmware
1.3.3 build_230228
tp-link/tapo_c200_firmware
1.3.4 build_230424
tp-link/tapo_c200_firmware
1.3.5 build_230717
tp-link/tapo_c200_firmware
1.3.7 build_230920
tp-link/tapo_c200_firmware
1.3.9 build_231019
tp-link/tapo_c200_firmware
1.3.11 build_231115
tp-link/tapo_c200_firmware
1.3.13 build_240327
tp-link/tapo_c200_firmware
1.3.14 build_240513
tp-link/tapo_c200_firmware
1.3.15 build_240715
tp-link/tapo_c200_firmware
1.4.1 build_241212
... and 2 more
Published
Dec 20, 2025
Tracked Since
Feb 18, 2026