← voltar
CVE-2026-1315

Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

CVSS 7.1 HIGHEPSS 0.6%CWE-20
By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Produtos afetados
TP-Link Systems Inc. · Tapo C220 v1TP-Link Systems Inc. · Tapo C520WS v2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.tp-link.com/en/support/download/tapo-c220/v1/https://www.tp-link.com/en/support/download/tapo-c520ws/v2/https://www.tp-link.com/us/support/download/tapo-c220/v1.60/https://www.tp-link.com/us/support/download/tapo-c520ws/v2/https://www.tp-link.com/us/support/faq/4923/