Whitelist Validation Bypass in TP-Link Tapo C520WS_CVE-2026-34123

7 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Description

On Tapo
C520WS v2, restricted accounts (for example, hub users) are intended to execute
only a limited set of low‑sensitivity operations. Due to a logic flaw in the
device’s API authorization mechanism, an attacker can craft requests that
leverage legitimate “method mapping” behavior to bypass whitelist restrictions,
allowing restricted operations to be masked as permitted requests and executed.

Successful
exploitation may allow an attacker (with access to a restricted account) to
execute unauthorized sensitive operations.
Depending on the operation invoked, impact could include device
resets, unintended configuration changes, or disruption of normal operation,
leading to loss of availability and integrity of the device.

Basic Information

ID CVE-2026-34123

Source TPLink

Published Jun 5, 2026 at 23:50

Affected Product

Vendor TP-Link Systems Inc.

Product Tapo C520WS v2

Affected Versions TP-Link Systems Inc. Tapo C520WS v2 0

CWE Classification

CWE-287

References

{
    "lastseen": "",
    "description": "On Tapo\nC520WS v2, restricted accounts (for example, hub users) are intended to execute\nonly a limited set of low\u2011sensitivity operations. Due to a logic flaw in the\ndevice\u2019s API authorization mechanism, an attacker can craft requests that\nleverage legitimate \u201cmethod mapping\u201d behavior to bypass whitelist restrictions,\nallowing restricted operations to be masked as permitted requests and executed.\n\n\n\n\n\nSuccessful\nexploitation may allow an attacker (with access to a restricted account) to\nexecute unauthorized sensitive operations.\u00a0\nDepending on the operation invoked, impact could include device\nresets, unintended configuration changes, or disruption of normal operation,\nleading to loss of availability and integrity of the device.",
    "published": "2026-06-05T23:50:40.407Z",
    "modified": "2026-06-05T23:50:40.407Z",
    "type": "cve",
    "title": "Whitelist Validation Bypass in TP-Link Tapo C520WS",
    "source": "TPLink",
    "references": "https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-Notes\nhttps://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-Notes\nhttps://www.tp-link.com/us/support/faq/5120/",
    "id": "CVE-2026-34123",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Tapo C520WS v2 0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tapo C520WS v2",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}