CVE-2026-12760

Vulnerability Description

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.

Related Weaknesses (CWE)

References

• https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes
• https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes
• https://www.tp-link.com/us/support/faq/5143/

FAQ

What is CVE-2026-12760?

CVE-2026-12760 is a documented vulnerability. A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent attac...

How severe is CVE-2026-12760?

CVSS scoring is not yet available for CVE-2026-12760. Check NVD for updates.

Is there a patch for CVE-2026-12760?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.