Tp-link Tapo C200 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Tp-link Tapo C200 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-4045 — CVSS 9.8 (critical): TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the…
CVE-2025-14300 — CVSS 8.1 (high): The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same…
CVE-2026-1871 — CVSS 6.5 (medium): TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of…
CVE-2025-14299 — CVSS 6.5 (medium): The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An…
CVE-2025-8065 — CVSS 6.5 (medium): A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing…
CVE-2026-12760 — CVSS 6.5 (medium): A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling…
CVE-2020-11445 — CVSS 5.3 (medium): TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors…
CVE-2023-49515 — CVSS 4.6 (medium): Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically…
CVE-2023-27126 — CVSS 4.6 (medium): The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An…