Path Traversal on TP-Link Tapo D235 and C260 via Local...

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N

Description

On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code execution possibilities.

Basic Information

ID CVE-2026-0651

Source TPLink

Published Feb 10, 2026 at 17:27

Affected Product

Vendor TP-Link Systems Inc.

Product Tapo C260 v1

Affected Versions TP-Link Systems Inc. Tapo C260 v1 0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code execution possibilities.",
    "published": "2026-02-10T17:27:51.942Z",
    "modified": "2026-02-10T17:27:51.942Z",
    "type": "cve",
    "title": "Path Traversal on TP-Link Tapo D235 and C260 via Local https",
    "source": "TPLink",
    "references": "https://www.tp-link.com/us/support/download/tapo-c260/v1/\nhttps://www.tp-link.com/en/support/download/tapo-c260/v1/\nhttps://www.tp-link.com/us/support/faq/4960/",
    "id": "CVE-2026-0651",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Tapo C260 v1 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tapo C260 v1",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Path Traversal on TP-Link Tapo D235 and C260 via Local https_CVE-2026-0651