Azim Javed

**Name of the Vulnerable Software and Affected Versions** Tapo C220 version 1 Tapo C520WS version 2 **Description** The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not properly manage POST requests with a large `Content-Length` header. This leads to a memory allocation failure and a NULL pointer dereference, which causes the main service process to crash. An attacker who does not need to be authenticated can repeatedly crash the service, resulting in a temporary denial of service. The devices automatically restart, but repeated requests can keep them unavailable. **Recommendations** Tapo C220 version 1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tapo C520WS version 2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tapo C200 V3 (affected versions not specified) **Description** The HTTPS service on the device has a connectAP interface lacking proper authentication. An attacker on the same local network can exploit this to change the device’s Wi-Fi settings, leading to a loss of connectivity and a denial-of-service (DoS) condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.