Is Tapo C260 Firmware affected by CVE-2026-0653?

CVE-2026-0653 presents notable security risk, a improper access control vulnerability rated CVSS 6.5. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-0653

MEDIUM

2026-02-10 f23511db-6c3e-4e32-a477-6aa17d310630

6.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 18:16 nvd

MEDIUM 6.5

Description

On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution.

Analysis

Guest users on TP-Link Tapo C260 v1 cameras can modify protected device settings by exploiting inadequate access controls on synchronization endpoints. Authenticated attackers with limited privileges can bypass restrictions to change sensitive configuration parameters without authorization. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +32

POC: 0

CVE-2026-0653 vulnerability details – vuln.today

Back

CVE-2026-0653

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-0653

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code