Unauthenticated Denial of Service via Oversized URL in HTTP Parser...

7.1 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service.

Basic Information

ID CVE-2026-0919

Source TPLink

Published Jan 27, 2026 at 17:52

Affected Product

Vendor TP-Link Systems Inc.

Product Tapo C220 v1

Affected Versions TP-Link Systems Inc. Tapo C220 v1 0
TP-Link Systems Inc. Tapo C520WS v2 0

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid\u2011URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart.\u00a0An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service.",
    "published": "2026-01-27T17:52:39.170Z",
    "modified": "2026-01-27T17:52:39.170Z",
    "type": "cve",
    "title": "Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C220 & C520WS",
    "source": "TPLink",
    "references": "https://www.tp-link.com/us/support/download/tapo-c220/v1.60/\nhttps://www.tp-link.com/en/support/download/tapo-c220/v1/\nhttps://www.tp-link.com/us/support/download/tapo-c520ws/v2/\nhttps://www.tp-link.com/en/support/download/tapo-c520ws/v2/\nhttps://www.tp-link.com/us/support/faq/4923/",
    "id": "CVE-2026-0919",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Tapo C220 v1 0\nTP-Link Systems Inc. Tapo C520WS v2 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tapo C220 v1",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C220 & C520WS_CVE-2026-0919