NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-6239

Summary	A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive number of user entries to trigger memory corruption. Successful exploitation may cause the ONVIF management service to terminate unexpectedly, resulting in a denial‑of‑service (DoS) condition that disrupts device configuration and management functions.
Publication Date	June 6, 2026, 9:16 a.m.
Registration Date	June 7, 2026, 4:12 a.m.
Last Update	June 6, 2026, 9:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-Notes	f23511db-6c3e-4e32-a477-6aa17d310630
2	https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-Notes	f23511db-6c3e-4e32-a477-6aa17d310630
3	https://www.tp-link.com/us/support/faq/5120/	f23511db-6c3e-4e32-a477-6aa17d310630

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-121	スタックオーバーフロー	https://cwe.mitre.org/data/definitions/121.html