CVE-2026-1871
Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-121
Desbordamiendo de búfer basado en pila (Stack)
Fecha de publicación:
02/06/2026
Última modificación:
04/06/2026
Descripción
*** Pendiente de traducción *** TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.<br />
<br />
Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
Impacto
Puntuación base 4.0
7.10
Gravedad 4.0
ALTA
Puntuación base 3.x
6.50
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.5:build_240327:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.12:build_240527:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.13:build_240619:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.0.17:build_240806:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.4:build_241219:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.8:build_250310:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.3:build_250610:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.1:build_250910:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.3:build_251119:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.5:build_260228:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tapo_c200:5:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página



