| ID |
CVE-2026-6250
|
| Sažetak |
An
authenticated format string vulnerability exists in the ONVIF service of Tapo
C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as
a format string, which can be used to manipulate stack memory, including
control flow data such as return addresses.
A remote
authenticated attacker may redirect execution flow to existing internal
functions, triggering an unauthorized factory reset, leading to loss of
configuration, deletion of stored credentials and service disruption. |
| Reference |
|
| CVSS |
| Base: | 8.1 |
| Impact: | 5.2 |
| Exploitability: | 2.8 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| NONE |
HIGH |
HIGH |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Zadnje važnije ažuriranje |
16-06-2026 - 14:19 |
| Objavljeno |
11-06-2026 - 22:16 |