Skip to main content
CVE-2025-8065 HIGH This Week

Stack-based buffer overflow in the ONVIF SOAP XML parser of TP-Link Tapo C200 v3 (firmware ≤1.4.1) and C520WS v2.6 cameras enables unauthenticated remote code execution from adjacent networks. Attackers can send crafted SOAP requests with oversized namespace prefixes to trigger memory corruption and achieve full device compromise with elevated privileges. EPSS probability and KEV status indicate no public exploit identified at time of analysis, though the vulnerability affects widely deployed consumer IoT cameras with network exposure.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-14300 HIGH This Week

Missing authentication on the HTTPS connectAP interface in TP-Link Tapo C200 V3 firmware (versions 1.3.3 through 1.4.1) allows adjacent network attackers to remotely reconfigure device Wi-Fi settings, causing permanent denial-of-service until manual intervention. The vulnerability exploits CWE-306 (Missing Authentication for Critical Function) with CVSS 8.7 severity, requiring only adjacent network access with low attack complexity and no user interaction. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the technical barrier is minimal for LAN-positioned adversaries.

TP-Link IoT Authentication Bypass Denial Of Service Tapo C200 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy