CVE-2026-1871

216.73.217.22

· Published 02/06/2026 17:16 · Modified 02/06/2026 17:19

Labels: CVE-2026-1871 2026-06-02 CVE-2026-1871 CWE-121 f23511db-6c3e-4e32-a477-6aa17d310630

Essential information

Published: 02/06/2026 17:16
Modified: 02/06/2026 17:19
Author: —
Creator: —
CVSS: 7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.

NVD status

Status: Undergoing Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: f23511db-6c3e-4e32-a477-6aa17d310630
NVD: View on NVD

Affected products (CPE)

Product	CPE
tp-link / tapo c200	`cpe:2.3:a:tp-link:tapo_c200:v5:::::::*`