cvedb.io
CVE-2026-34124
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-04-02T18:16:29.310 · Last modified 2026-06-17T10:38:34.370

Summary

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot.

Affected products

tp-link — tapo_c520ws_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tp-link ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.