Vulnerability Description
A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tapo C520Ws Firmware | < 1.2.4 |
| Tp-Link | Tapo C520Ws | 2.6 |
Related Weaknesses (CWE)
References
- https://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-NotesRelease Notes
- https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-NotesRelease Notes
- https://www.tp-link.com/us/support/faq/5047/Vendor Advisory
FAQ
What is CVE-2026-34124?
CVE-2026-34124 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but doe...
How severe is CVE-2026-34124?
CVE-2026-34124 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34124?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tapo C520Ws Firmware, Tp-Link Tapo C520Ws.