Vulnerability Description
A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tapo C520Ws Firmware | < 1.2.4 |
| Tp-Link | Tapo C520Ws | 2.6 |
Related Weaknesses (CWE)
References
- https://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-NotesRelease Notes
- https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-NotesRelease Notes
- https://www.tp-link.com/us/support/faq/5047/Vendor Advisory
FAQ
What is CVE-2026-34122?
CVE-2026-34122 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vul...
How severe is CVE-2026-34122?
CVE-2026-34122 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34122?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tapo C520Ws Firmware, Tp-Link Tapo C520Ws.