CVE-2026-6239

Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS

CVSS 6.8 MEDIUMEPSS 0.2%CWE-121

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

05 jun 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive number of user entries to trigger memory corruption. Successful exploitation may cause the ONVIF management service to terminate unexpectedly, resulting in a denial‑of‑service (DoS) condition that disrupts device configuration and management functions.

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Productos afectados

TP-Link Systems Inc. · Tapo C520WS v2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-Notes https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-Notes https://www.tp-link.com/us/support/faq/5120/