Skip to main content

Tapo C220 Firmware

3 CVEs product

Monthly

CVE-2026-1315 HIGH This Week

Unauthenticated remote attackers can crash core system services on Tapo C220 and C520WS cameras by sending specially crafted files to the firmware update endpoint, bypassing authentication and integrity checks. This results in a persistent denial of service condition that requires manual device reboot to restore functionality. No patch is currently available for affected firmware versions.

Denial Of Service Tapo C520ws Firmware Tapo C220 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-0919 HIGH This Week

Tapo C220 and C520WS network cameras contain an HTTP parser defect that crashes the device when processing requests with excessively long URL paths, allowing unauthenticated remote attackers to trigger repeated denial of service through device reboots. The vulnerability stems from improper error handling that attempts to access unallocated buffers during cleanup operations. No patch is currently available for affected firmware versions.

Denial Of Service Tapo C220 Firmware Tapo C520ws Firmware
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-0918 HIGH This Week

Null pointer dereference in TP-Link Tapo C220 v1 and C520WS v2 cameras allows adjacent network attackers to crash the HTTP service via malformed POST requests with excessive Content-Length headers. Attackers can sustain denial of service through repeated crashes despite automatic device restarts. EPSS score is low (0.03%, 10th percentile), indicating minimal observed exploitation activity. No public exploit code or CISA KEV listing identified at time of analysis.

Null Pointer Dereference Denial Of Service Tapo C220 Firmware Tapo C520ws Firmware
NVD
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated remote attackers can crash core system services on Tapo C220 and C520WS cameras by sending specially crafted files to the firmware update endpoint, bypassing authentication and integrity checks. This results in a persistent denial of service condition that requires manual device reboot to restore functionality. No patch is currently available for affected firmware versions.

Denial Of Service Tapo C520ws Firmware Tapo C220 Firmware
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Tapo C220 and C520WS network cameras contain an HTTP parser defect that crashes the device when processing requests with excessively long URL paths, allowing unauthenticated remote attackers to trigger repeated denial of service through device reboots. The vulnerability stems from improper error handling that attempts to access unallocated buffers during cleanup operations. No patch is currently available for affected firmware versions.

Denial Of Service Tapo C220 Firmware Tapo C520ws Firmware
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Null pointer dereference in TP-Link Tapo C220 v1 and C520WS v2 cameras allows adjacent network attackers to crash the HTTP service via malformed POST requests with excessive Content-Length headers. Attackers can sustain denial of service through repeated crashes despite automatic device restarts. EPSS score is low (0.03%, 10th percentile), indicating minimal observed exploitation activity. No public exploit code or CISA KEV listing identified at time of analysis.

Null Pointer Dereference Denial Of Service Tapo C220 Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy