Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-12760

Summary
Assigner-TPLink
Assigner Org ID-f23511db-6c3e-4e32-a477-6aa17d310630
Published At-24 Jun, 2026 | 18:10
Updated At-24 Jun, 2026 | 18:53
Rejected At-
Credits

Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TPLink
Assigner Org ID:f23511db-6c3e-4e32-a477-6aa17d310630
Published At:24 Jun, 2026 | 18:10
Updated At:24 Jun, 2026 | 18:53
Rejected At:
▼CVE Numbering Authority (CNA)
Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.

Affected Products
Vendor
TP-Link Systems Inc.
Product
Tapo C200 v3
Platforms
  • NVMP
Default Status
unaffected
Versions
Affected
  • From 0 before 1.4.4 Build 250922 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-770CWE-770 Allocation of resources without limits or throttling
Type: CWE
CWE ID: CWE-770
Description: CWE-770 Allocation of resources without limits or throttling
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-125CAPEC-125 Flooding
CAPEC ID: CAPEC-125
Description: CAPEC-125 Flooding
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Arjan Chadha, Keysight Technologies
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes
patch
https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes
patch
https://www.tp-link.com/us/support/faq/5143/
vendor-advisory
Hyperlink: https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes
Resource:
patch
Hyperlink: https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes
Resource:
patch
Hyperlink: https://www.tp-link.com/us/support/faq/5143/
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:f23511db-6c3e-4e32-a477-6aa17d310630
Published At:24 Jun, 2026 | 19:17
Updated At:29 Jun, 2026 | 16:17

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.3
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.3:build_230228:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.4
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.4:build_230424:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.5
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.5:build_230717:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.7
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.7:build_230920:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.9
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.9:build_231019:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.11
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.11:build_231115:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.13
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.13:build_240327:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.14
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.14:build_240513:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.3.15
cpe:2.3:o:tp-link:tapo_c200_firmware:1.3.15:build_240715:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.4.1
cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.1:build_241212:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200_firmware>>1.4.2
cpe:2.3:o:tp-link:tapo_c200_firmware:1.4.2:build_250313:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tapo_c200>>3
cpe:2.3:h:tp-link:tapo_c200:3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Secondaryf23511db-6c3e-4e32-a477-6aa17d310630
CWE ID: CWE-770
Type: Secondary
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notesf23511db-6c3e-4e32-a477-6aa17d310630
Release Notes
https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notesf23511db-6c3e-4e32-a477-6aa17d310630
Release Notes
https://www.tp-link.com/us/support/faq/5143/f23511db-6c3e-4e32-a477-6aa17d310630
Vendor Advisory
Hyperlink: https://www.tp-link.com/en/support/download/tapo-c200/v3/#Firmware-Release-Notes
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Resource:
Release Notes
Hyperlink: https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Resource:
Release Notes
Hyperlink: https://www.tp-link.com/us/support/faq/5143/
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found

CVE-2025-14299
Matching Score-10
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-10
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.22% / 12.95%
||
7 Day CHG~0.00%
Published-20 Dec, 2025 | 00:42
Updated-08 Jan, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Content-Length Validation in HTTPS Requests on Tapo C200

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c200_firmwaretapo_c200Tapo C200 V3
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-34122
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.34%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:20
Updated-06 Apr, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow Leading to Denial of Service in TP-Link Tapo C520WS

A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c520ws_firmwareTapo C520WS v2.6
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-34119
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.58%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:19
Updated-06 Apr, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c520ws_firmwareTapo C520WS v2.6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-34118
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.34%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:19
Updated-06 Apr, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c520ws_firmwareTapo C520WS v2.6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-34124
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.30% / 21.51%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:20
Updated-06 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service via Path Expansion Overflow in HTTP Service in TP-Link Tapo C520WS

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c520ws_firmwareTapo C520WS v2.6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-0936
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.5||MEDIUM
EPSS-0.93% / 56.48%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 09:24
Updated-12 Mar, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link Archer C50 Web Management Interface denial of service

A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-archer_c50Archer C50
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-48712
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.65%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48710
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.68%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-4296
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.99%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link TL-WR740N ARP resource consumption

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr740ntl-wr740n_firmwareTL-WR740N
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-34120
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.47%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:19
Updated-06 Apr, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c520ws_firmwareTapo C520WS v2.6
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-39610
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 25.60%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tapo_c100_firmwaretapo_c100n/atapo_c100
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-15057
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 36.96%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 21:20
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-ps310u_firmwaretl-ps310un/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-48713
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.68%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48714
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.68%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 00:00
Updated-21 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660_firmwaretl-wdr7660n/atl-wdr7660_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-8714
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 10.72%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 16:14
Updated-19 Jun, 2026 | 03:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service Vulnerability in RTSP Input Handling on TP-Link's Tapo C520WS

A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input.  Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTSP in a denial-of-service condition.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c520ws_firmwareTapo C520WS v2
CWE ID-CWE-20
Improper Input Validation
CVE-2026-1315
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.58% / 43.70%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 17:53
Updated-11 Mar, 2026 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c220_firmwaretapo_c220tapo_c520ws_firmwareTapo C520WS v2Tapo C220 v1
CWE ID-CWE-20
Improper Input Validation
CVE-2025-8065
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-8.7||HIGH
EPSS-0.47% / 37.94%
||
7 Day CHG~0.00%
Published-20 Dec, 2025 | 00:41
Updated-03 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution via Stack-based Buffer Overflow in ONVIF SOAP Parser in TP-Link Tapo C200 and C520WS

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated privileges, leading to full compromise of the device.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c200tapo_c200_firmwareTapo C520WS v2.6Tapo C200 V3
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-7375
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.22% / 12.31%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 17:47
Updated-09 Mar, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Denial-of-Service Vulnerability in Omada EAP610

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-omada_eap610_firmwareomada_eap610EAP610 v3
CWE ID-CWE-20
Improper Input Validation
CVE-2026-1871
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.30% / 22.46%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 16:13
Updated-04 Jun, 2026 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c200_firmwaretapo_c200Tapo C200 v5
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15606
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.29% / 21.08%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 18:36
Updated-31 Mar, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-td-w8961nd_firmwaretd-w8961nTD-W8961N v4.0
CWE ID-CWE-20
Improper Input Validation
CVE-2025-14631
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.12%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 01:04
Updated-12 Mar, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference Vulnerability in Malformed 802.11 Frame of TP-Link Archer BE400

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-archer_be400_firmwarearcher_be400Archer BE400
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-0919
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.53% / 41.48%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 17:52
Updated-29 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C210, C220 & C520WS

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service.

Action-Not Available
Vendor-TP-Link Systems Inc.TP Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c220tapo_c520ws_firmwaretapo_c220_firmwareTapo C520WS v2Tapo C220 v1Tapo C210 v3
CWE ID-CWE-20
Improper Input Validation
CVE-2024-12343
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-7.1||HIGH
EPSS-4.72% / 90.81%
||
7 Day CHG~0.00%
Published-08 Dec, 2024 | 09:31
Updated-10 Dec, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link VN020 F3v(T) SOAP Request WANIPConnection buffer overflow

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-vn020_f3vvn020_f3v_firmwareVN020 F3v(T)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-0918
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.68% / 48.31%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 17:52
Updated-29 Apr, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS

The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tapo_c520wstapo_c220tapo_c520ws_firmwaretapo_c220_firmwareTapo C520WS v2Tapo C220 v1Tapo C100 v5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2646
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-4.5||MEDIUM
EPSS-0.32% / 24.32%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 07:31
Updated-24 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link Archer C7v2 GET Request Parameter denial of service

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-archer_c7_firmwarearcher_c7Archer C7v2
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-3622
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.36% / 27.76%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:34
Updated-31 Mar, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.  This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tl-wr841n_firmwaretl-wr841nTL-WR841N v14
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36357
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-0.80% / 52.39%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 00:00
Updated-02 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr941ndtl-wr841ntl-wr940n_firmwaretl-wr841n_firmwaretl-wr940ntl-wr941nd_firmwaren/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-47184
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 18:25
Updated-17 Jul, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7.

Action-Not Available
Vendor-python-zeroconf
Product-python-zeroconf
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-48045
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 18:26
Updated-17 Jul, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12.

Action-Not Available
Vendor-python-zeroconf
Product-python-zeroconf
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-0224
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 30.32%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:36
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: ANCPD core when hitting maximum-discovery-table-entries limit

A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition. Continued processing of spoofed subscriber nodes will create a sustained Denial of Service (DoS) condition. When the number of subscribers attempting to connect exceeds the configured maximum-discovery-table-entries value, the subscriber fails to map to an internal neighbor entry, causing the ANCPD process to crash. This issue affects Juniper Networks Junos OS: All versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-9059
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.85% / 53.90%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 04:30
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.

Action-Not Available
Vendor-schlagesilabsSilicon LabsSchlage
Product-500_series_firmwarebe468BE468500 series
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-5210
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.94%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-5209
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.94%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-8551
Matching Score-4
Assigner-Kubernetes
ShareView Details
Matching Score-4
Assigner-Kubernetes
CVSS Score-4.3||MEDIUM
EPSS-1.14% / 63.02%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:25
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes kubelet denial of service

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

Action-Not Available
Vendor-Fedora ProjectKubernetes
Product-kubernetesfedoraKubernetes
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20067
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.30% / 22.22%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20047
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.50%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:36
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource allocation. An attacker could exploit this vulnerability by sending crafted LLDP traffic to an affected device. A successful exploit could allow the attacker to exhaust the memory resources of the affected device, resulting in a crash of the LLDP process. If the affected device is configured to support LLDP only, this could cause an interruption to inbound and outbound calling. By default, these devices are configured to support both Cisco Discovery Protocol and LLDP. To recover operational state, the affected device needs a manual restart.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_room_phonesip_ip_phone_softwarewebex_room_phone_firmwarewebex_share_firmwarewebex_shareCisco Webex Room Phone
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-4781
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 25.62%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-4782
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.92%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-46921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 21.16%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-20 Jun, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack).

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_modem_5300_firmwareexynos_1280_firmwareexynos_980_firmwareexynos_9820exynos_1380_firmwareexynos_2400_firmwareexynos_990exynos_modem_5300exynos_9110_firmwareexynos_2100_firmwareexynos_1280exynos_w1000_firmwareexynos_2200exynos_2200_firmwareexynos_1330exynos_2100exynos_modem_5123exynos_1480exynos_modem_5400_firmwareexynos_1380exynos_modem_5400exynos_990_firmwareexynos_modem_5123_firmwareexynos_1330_firmwareexynos_1080_firmwareexynos_1480_firmwareexynos_980exynos_9825exynos_w1000exynos_1080exynos_9820_firmwareexynos_9825_firmwareexynos_9110n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-45700
Matching Score-4
Assigner-Zabbix
ShareView Details
Matching Score-4
Assigner-Zabbix
CVSS Score-6||MEDIUM
EPSS-0.35% / 26.98%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 06:13
Updated-03 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS vulnerability due to uncontrolled resource exhaustion

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.

Action-Not Available
Vendor-ZABBIX
Product-zabbixZabbix
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-52917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.50%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 00:00
Updated-30 Apr, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/abitcoin_core
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-27663
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.68%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 14:03
Updated-14 Apr, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.

Action-Not Available
Vendor-Siemens AG
Product-CPCI85 Central Processing/CommunicationRTUM85 RTU Base
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-2929
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 45.66%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 04:45
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP memory leak

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectInternet Systems Consortium, Inc.
Product-debian_linuxfedoradhcpISC DHCP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-6004
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.94%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-22226
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 22.41%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 02:46
Updated-12 May, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash

In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series: 17.1 version 17.1R1 and later versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S7, 19.2R3-S1; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS versions prior to 17.1R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4300-48t-dcqfx5220ex4300-48tafiqfx5210ex4300-24tqfx5110qfx5130ex4650qfx5200ex4300-48t-sex4300mjunosex4300-24t-sex4300-vcex4300-32fex4300-48tex4600-vcex4300-48tdcex4300-48mp-sex4300-48t-dc-afiqfx5120ex4300-48mpex4300-24pex4300qfx5100ex4300-32f-dcex4300-48pex4300-48t-afiex4600ex4300-48tdc-afiex4300-mpex4300-48p-sex4300-24p-sex4300-32f-sqfx5700Junos OS
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-0038
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 50.52%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS

Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junossrx340srx345Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-24738
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 18.08%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 21:08
Updated-04 Mar, 2026 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well outside what would be available in ICs. It can accept something all the way up to 4GB which would take too many iterations in 256 byte chunks, and would also try to allocate memory that might not be available in constrained environments like phones. Or if an API sends data to ReadFile, the same problem applies. The very small chunked read also locks the goroutine in accepting data for a very large number of iterations. projects using the gmrtd library to read files from NFCs can experience extreme slowdowns or memory consumption. A malicious NFC can just behave like the mock transceiver described above and by just sending dummy bytes as each chunk to be read, can make the receiving thread unresponsive and fill up memory on the host system. Version 0.17.2 patches the issue.

Action-Not Available
Vendor-gmrtdgmrtd
Product-gmrtdgmrtd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-21875
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 37.20%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 08:37
Updated-11 Mar, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS attack when broadcasting billboard messages

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.

Action-Not Available
Vendor-Badge.Team
Product-hacker_hotel_badge_2024Hacker Hotel Badge 2024
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-57972
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.22% / 80.69%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many requests through the Device Portal framework.

Action-Not Available
Vendor-Microsoft Corporation
Product-HoloLens
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-20406
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.61%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
  • Previous
  • 1
  • 2
  • Next
Details not found