Tapo C520ws Firmware
Monthly
Unauthenticated remote attackers can crash core system services on Tapo C220 and C520WS cameras by sending specially crafted files to the firmware update endpoint, bypassing authentication and integrity checks. This results in a persistent denial of service condition that requires manual device reboot to restore functionality. No patch is currently available for affected firmware versions.
Tapo C220 and C520WS network cameras contain an HTTP parser defect that crashes the device when processing requests with excessively long URL paths, allowing unauthenticated remote attackers to trigger repeated denial of service through device reboots. The vulnerability stems from improper error handling that attempts to access unallocated buffers during cleanup operations. No patch is currently available for affected firmware versions.
Unauthenticated remote denial of service in TP-Link Tapo C220 and C520WS network cameras allows attackers to crash the HTTP service by sending POST requests with malformed Content-Length headers, triggering a null pointer dereference. Repeated attacks can keep the devices offline despite automatic restarts, with no available patch to mitigate the vulnerability. This affects camera availability and requires manual intervention to restore service.
Unauthenticated remote attackers can crash core system services on Tapo C220 and C520WS cameras by sending specially crafted files to the firmware update endpoint, bypassing authentication and integrity checks. This results in a persistent denial of service condition that requires manual device reboot to restore functionality. No patch is currently available for affected firmware versions.
Tapo C220 and C520WS network cameras contain an HTTP parser defect that crashes the device when processing requests with excessively long URL paths, allowing unauthenticated remote attackers to trigger repeated denial of service through device reboots. The vulnerability stems from improper error handling that attempts to access unallocated buffers during cleanup operations. No patch is currently available for affected firmware versions.
Unauthenticated remote denial of service in TP-Link Tapo C220 and C520WS network cameras allows attackers to crash the HTTP service by sending POST requests with malformed Content-Length headers, triggering a null pointer dereference. Repeated attacks can keep the devices offline despite automatic restarts, with no available patch to mitigate the vulnerability. This affects camera availability and requires manual intervention to restore service.