CVE-2026-6250
Authenticated Format String Injection on TP-Link Tapo C110
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption.
| CWE | CWE-134 |
| Vendor | tp-link systems inc. |
| Product | tapo c110 v2 |
| Published | Jun 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. tapo c110 v2
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. tapo c110 v2 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
TP-Link Systems Inc. / Tapo C110 v2
0 < 1.5.4 Build 260428
References
tp-link.com: https://www.tp-link.com/us/support/download/tapo-c110/v2/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/en/support/download/tapo-c110/v2/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/kr/support/download/tapo-c110/v2/#Firmware-Release-Notes tp-link.com: https://www.tp-link.com/us/support/faq/5128/
Credits
Juhyeop Lee(@juhye0p) of STEALIEN