CVE-2026-0918

Sažetak

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.

Reference

https://www.tp-link.com/en/support/download/tapo-c220/v1/
https://www.tp-link.com/en/support/download/tapo-c520ws/v2/
https://www.tp-link.com/us/support/download/tapo-c100/v5/
https://www.tp-link.com/us/support/download/tapo-c220/v1.60/
https://www.tp-link.com/us/support/download/tapo-c520ws/v2/
https://www.tp-link.com/us/support/faq/4923/

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

10-02-2026 - 00:16

Objavljeno

27-01-2026 - 18:15