Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Tapo C100 v5

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2026-0918
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.74%
||
7 Day CHG+0.02%
Published-27 Jan, 2026 | 17:52
Updated-10 Feb, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-Tapo C220 v1Tapo C520WS v2Tapo C100 v5
CWE ID-CWE-476
NULL Pointer Dereference