CVE-2026-1871
Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the cameraβs live video stream or management interface until the service restarts.
| CWE | CWE-121 |
| Vendor | tp-link systems inc. |
| Product | tapo c200 v5 |
| Published | Jun 2, 2026 |
| Last Updated | Jun 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. tapo c200 v5
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. tapo c200 v5 are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
TP-Link Systems Inc. / Tapo C200 v5
0 < 1.4.4 Build 260527 Rel.28339n
References
tp-link.com: https://www.tp-link.com/us/support/download/tapo-c200/v5/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/en/support/download/tapo-c200/v5/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/kr/support/download/tapo-c200/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/faq/5113/
Credits
Sumin Kim (@Shine)