Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link...

6.8 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

A stack‑based
buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where
the device fails to properly validate the number of XML user nodes during
request processing. An authenticated attacker can send a specially crafted
ONVIF request containing an excessive number of user entries to trigger memory
corruption.

Successful
exploitation may cause the ONVIF management service to terminate unexpectedly,
resulting in a denial‑of‑service (DoS) condition that disrupts device
configuration and management functions.

Basic Information

ID CVE-2026-6239

Source TPLink

Published Jun 5, 2026 at 23:50

Affected Product

Vendor TP-Link Systems Inc.

Product Tapo C520WS v2

Affected Versions TP-Link Systems Inc. Tapo C520WS v2 0

CWE Classification

CWE-121

References

{
    "lastseen": "",
    "description": "A stack\u2011based\nbuffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where\nthe device fails to properly validate the number of XML user nodes during\nrequest processing. An authenticated attacker can send a specially crafted\nONVIF request containing an excessive number of user entries to trigger memory\ncorruption.\n\n\n\n\n\n\n\n\n\nSuccessful\nexploitation may cause the ONVIF management service to terminate unexpectedly,\nresulting in a denial\u2011of\u2011service (DoS) condition that disrupts device\nconfiguration and management functions.",
    "published": "2026-06-05T23:50:59.001Z",
    "modified": "2026-06-05T23:50:59.001Z",
    "type": "cve",
    "title": "Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS",
    "source": "TPLink",
    "references": "https://www.tp-link.com/us/support/download/tapo-c520ws/#Firmware-Release-Notes\nhttps://www.tp-link.com/en/support/download/tapo-c520ws/#Firmware-Release-Notes\nhttps://www.tp-link.com/us/support/faq/5120/",
    "id": "CVE-2026-6239",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Tapo C520WS v2 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tapo C520WS v2",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS_CVE-2026-6239