Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.
Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
AnalysisAI
Denial of service in TP-Link Tapo C200 v5 IP cameras allows adjacent network attackers to crash the RTSP service and force a device reboot by sending a crafted Authorization header in an RTSP authentication request. The flaw is a stack-based buffer overflow (CWE-121) in the RTSP authentication handler; no public exploit identified at time of analysis, but vendor-acknowledged and patched firmware is available from TP-Link.
Technical ContextAI
The Tapo C200 v5 is a consumer/SMB Wi-Fi pan-tilt IP camera that exposes a Real Time Streaming Protocol (RTSP) service for live video access. RTSP authentication typically uses HTTP-style Digest or Basic challenges carried in an Authorization header. The CWE-121 stack-based buffer overflow indicates that the camera's RTSP core service copies the Authorization header value into a fixed-size stack buffer without first validating its length, so an oversized header overruns the buffer, corrupts the call stack, and crashes the service. The CPE confirms the issue is scoped to cpe:2.3:a:tp-link_systems_inc.:tapo_c200_v5, i.e. the v5 hardware revision of the Tapo C200 line.
RemediationAI
Patch available per vendor advisory: download and install the latest Tapo C200 v5 firmware from the TP-Link release-notes page (https://www.tp-link.com/us/support/download/tapo-c200/v5/#Firmware-Release-Notes, regional mirrors at /en/ and /kr/) and reference the vendor FAQ at https://www.tp-link.com/us/support/faq/5113/ for confirmation of the fixed build. As the exact patched version string is not included in the input, verify the installed firmware against the release notes after upgrading. Until firmware can be applied, segment the camera onto an isolated IoT VLAN or dedicated SSID so only trusted hosts share its broadcast domain (limits the AV:A attack surface), disable the RTSP service via the Tapo app if live RTSP streaming is not required (loses third-party NVR/VLC integration), and block inbound RTSP (TCP/554) from untrusted clients at the access point or router firewall.
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models be
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to r
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_set
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in c
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_sta
TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized indi
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the functio
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33978
GHSA-92jw-rf4g-rwr2