CVE-2026-1871

Summary

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.

Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Tapo C200 v50 < 1.4.4 Build 260527 Rel.28339naffected

Weaknesses

  • CWE-121: CWE-121 Stack-based buffer overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References