CVE-2026-8714

HIGH7.1

Description

A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTSP in a denial-of-service condition.

CVSS breakdown

CVSS 4.0

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

TP-Link Systems Inc. / Tapo C520WS v20 – 1.2.6 Build 260528 Rel.60422n

References

MISChttps://www.tp-link.com/us/support/download/tapo-c520ws/v2/#Firmware-Release-Notes
MISChttps://www.tp-link.com/en/support/download/tapo-c520ws/v2/#Firmware-Release-Notes
MISChttps://www.tp-link.com/us/support/faq/5118/