CVE-2026-1871

MEDIUM

Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200

Title source: cna

Description

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.

Scores

CVSS v3 6.5
EPSS 0.0031
EPSS Percentile 21.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (11)
tp-link/tapo_c200_firmware 1.0.5 build_240327
tp-link/tapo_c200_firmware 1.0.12 build_240527
tp-link/tapo_c200_firmware 1.0.13 build_240619
tp-link/tapo_c200_firmware 1.0.17 build_240806
tp-link/tapo_c200_firmware 1.1.4 build_241219
tp-link/tapo_c200_firmware 1.1.8 build_250310
tp-link/tapo_c200_firmware 1.2.3 build_250610
tp-link/tapo_c200_firmware 1.3.1 build_250910
tp-link/tapo_c200_firmware 1.3.3 build_251119
tp-link/tapo_c200_firmware 1.3.5 build_260228
... and 1 more
Published Jun 02, 2026
Tracked Since Jun 02, 2026