Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (TPLink) · only source for this CVE.
CVSS VectorVendor: TPLink
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state.
Successful exploitation may cause the RTSP in a denial-of-service condition.
AnalysisAI
Denial of service in the RTSP server of TP-Link Tapo C520WS v2 IP cameras allows adjacent network attackers to render the camera's video streaming service non-responsive by sending syntactically invalid RTSP input. The flaw is reachable without authentication or user interaction from the local network segment (CVSS 4.0 vector AV:A/PR:N/UI:N) and no public exploit identified at time of analysis. While confidentiality and integrity are unaffected, availability of the surveillance stream is fully impacted, which is operationally significant for a security camera.
Technical ContextAI
The Tapo C520WS v2 is a TP-Link outdoor pan/tilt Wi-Fi security camera (CPE cpe:2.3:a:tp-link_systems_inc.:tapo_c520ws_v2) that exposes a Real-Time Streaming Protocol (RTSP) server, typically on TCP/554, to enable video streaming to NVRs, VLC, and third-party clients. The root cause is classified as CWE-20 (Improper Input Validation): the RTSP parser fails to gracefully reject syntactically malformed request messages, instead entering a processing error state that locks up the service thread. RTSP is a text-based control protocol similar in structure to HTTP, and parsers historically suffer from validation gaps when handling malformed methods, headers, or SDP payloads.
RemediationAI
Patch available per vendor advisory - download and install the latest Tapo C520WS v2 firmware from https://www.tp-link.com/us/support/download/tapo-c520ws/v2/#Firmware-Release-Notes (mirrored at the /en/ URL) and review the FAQ at https://www.tp-link.com/us/support/faq/5118/ for upgrade instructions. The exact patched firmware version string is not enumerated in the provided data, so verify against the release notes before deployment. As compensating controls until patching, segment cameras onto a dedicated VLAN or IoT SSID to remove untrusted devices from the adjacent network required by AV:A, and block inbound TCP/554 (RTSP) at the gateway from any segment other than your NVR - the side effect is that third-party RTSP clients (VLC, Home Assistant) outside that segment will lose direct stream access and must proxy through the Tapo cloud or NVR.
More in Tapo C520Ws V2
View allAuthorization bypass in TP-Link Tapo C520WS v2 cameras allows holders of restricted accounts (such as hub users) to exec
Format string injection in the TP-Link Tapo C520WS v2 ONVIF Subscribe service allows a high-privileged attacker on the s
Format string exploitation in TP-Link's Tapo C520WS v2 ONVIF management service allows an authenticated attacker on an a
Stack-based buffer overflow in TP-Link Tapo C520WS v2 allows an authenticated attacker with adjacent network access to c
Stack-based buffer overflow in the ONVIF CreateUsers service of the TP-Link Tapo C520WS v2 IP camera allows an authentic
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34855
GHSA-78fp-rfh4-99fh