Tapo C220 Firmware
CVE-2026-0919
HIGH
Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service.
AnalysisAI
Tapo C220 and C520WS network cameras contain an HTTP parser defect that crashes the device when processing requests with excessively long URL paths, allowing unauthenticated remote attackers to trigger repeated denial of service through device reboots. The vulnerability stems from improper error handling that attempts to access unallocated buffers during cleanup operations. No patch is currently available for affected firmware versions.
Technical ContextAI
Classified as CWE-20 (Improper Input Validation). Affects Tapo C220 Firmware. The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Tapo C220 Firmware
View allUnauthenticated remote attackers can crash core system services on Tapo C220 and C520WS cameras by sending specially cra
Null pointer dereference in TP-Link Tapo C220 v1 and C520WS v2 cameras allows adjacent network attackers to crash the HT
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today