CVE-2026-34119

{"id": "CVE-2026-34119", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-02T18:16:28.680", "references": [{"url": "https://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-Notes", "tags": ["Release Notes"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-Notes", "tags": ["Release Notes"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/5047/", "tags": ["Vendor Advisory"], "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing\nloop\nwhen appending segmented request bodies without\ncontinuous write\u2011boundary verification, due to\u00a0insufficient boundary validation when handling externally supplied HTTP input.\u00a0\u00a0An attacker\non the same network segment could trigger heap memory corruption conditions by\nsending crafted payloads that cause write operations beyond allocated buffer\nboundaries.\u00a0 Successful exploitation\ncauses a Denial-of-Service (DoS) condition, causing the device\u2019s process to\ncrash or become unresponsive."}], "lastModified": "2026-04-06T20:26:38.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tapo_c520ws_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "710DD89A-E94F-4371-A03F-698C2F61D9C1", "versionEndExcluding": "1.2.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tapo_c520ws:2.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72666951-E72F-4494-9A90-1F0B22E2F3CD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}