CVE-2026-6250

June 11, 2026, 10:16 p.m.

7.0
Medium

Description

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input.  Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption.

Product(s) Impacted

Vendor Product Versions
Tapo
  • C110
  • Onvif Service
  • 2
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a tapo c110 2 / / / / / / /
a tapo onvif_service / / / / / / / /

References

https://www.tp-link.com/en/support/download/tapo-c110/v2/#Firmware-Release-Notes
https://www.tp-link.com/kr/support/download/tapo-c110/v2/#Firmware-Release-Notes
https://www.tp-link.com/us/support/download/tapo-c110/v2/#Firmware-Release-Notes
https://www.tp-link.com/us/support/faq/5128/

Tags

CWE-134
f23511db-6c3e-4e32-a477-6aa17d310630
2026-06-11
CVE-2026-6250

CVSS Score

7.0 / 10

CVSS Data - 4.0

  • Attack Vector: ADJACENT
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: June 11, 2026, 10:16 p.m.
Last Modified: June 11, 2026, 10:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

f23511db-6c3e-4e32-a477-6aa17d310630

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.