cvedb.io
CVE-2025-8065
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-12-20T01:16:05.410 · Last modified 2026-06-17T10:06:14.603

Summary

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated privileges, leading to full compromise of the device.

Affected products

tp-link — tapo_c200_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tp-link ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.