Tp-link Tapo C520ws Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Tp-link Tapo C520ws Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2026-34121 — CVSS 8.8 (high): An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified…
CVE-2026-1315 — CVSS 7.5 (high): By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before…
CVE-2026-0919 — CVSS 7.5 (high): The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An…
CVE-2026-0918 — CVSS 7.5 (high): The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large…
CVE-2026-34122 — CVSS 6.5 (medium): A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to…
CVE-2026-34124 — CVSS 6.5 (medium): A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation…
CVE-2026-8714 — CVSS 6.5 (medium): A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically…
CVE-2026-34118 — CVSS 6.5 (medium): A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing…
CVE-2026-34119 — CVSS 6.5 (medium): A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented…
CVE-2026-34120 — CVSS 6.5 (medium): A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream…