CVE-2026-34122

6.5 MEDIUM
Published: April 02, 2026 Modified: April 06, 2026
View on NVD

Description

A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-Notes
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Release Notes
https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-Notes
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Release Notes
https://www.tp-link.com/us/support/faq/5047/
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Vendor Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.5 / 10.0
EPSS (Exploit Probability)
0.0%
4th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-121

Affected Vendors

tp-link

Related CVEs

CVE-2026-6560 8.8
CVE-2026-6559 4.3
CVE-2026-0868 6.4
CVE-2026-6056 N/A
CVE-2026-41242 N/A