This page lists publicly disclosed CVE vulnerabilities affecting tp-link tapo_c200_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-12760 | A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and record | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.1 | 0.18% | 2026-06-24 | 2026-06-29 |
| CVE-2026-1871 | TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface unti | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.1 | 0.30% | 2026-06-02 | 2026-06-17 |
| CVE-2025-8065 | A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated pri | f23511db-6c3e-4e32-a477-6aa17d310630 | 8.7 | 0.47% | 2025-12-19 | 2026-06-17 |
| CVE-2025-14300 | The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS). | f23511db-6c3e-4e32-a477-6aa17d310630 | 8.7 | 0.30% | 2025-12-19 | 2026-06-17 |
| CVE-2025-14299 | The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS). | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.1 | 0.22% | 2025-12-19 | 2026-06-17 |
| CVE-2023-49515 | Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | [email protected] | 4.6 | 0.36% | 2024-01-16 | 2026-06-17 |
| CVE-2023-27126 | The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | [email protected] | 4.6 | 0.42% | 2023-06-06 | 2026-07-05 |
| CVE-2021-4045 | TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. | [email protected] | 9.8 | 72.19% | 2022-03-10 | 2026-06-17 |
| CVE-2020-11445 | TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | [email protected] | 5.3 | 1.76% | 2020-04-01 | 2026-06-16 |