Home

Description

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.

PUBLISHED Reserved 2026-01-21 | Published 2026-01-27 | Updated 2026-01-27 | Assigner TPLink




HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version before 1.4.2 Build 251112
affected

Default status
unaffected

Any version before 1.2.3 Build 251114
affected

Credits

Diogo Almeida @NeWbie finder

References

www.tp-link.com/us/support/download/tapo-c220/v1.60/ patch

www.tp-link.com/en/support/download/tapo-c220/v1/ patch

www.tp-link.com/us/support/download/tapo-c520ws/v2/ patch

www.tp-link.com/en/support/download/tapo-c520ws/v2/ patch

www.tp-link.com/us/support/faq/4923/ vendor-advisory

cve.org (CVE-2026-1315)

nvd.nist.gov (CVE-2026-1315)

Download JSON