PT-2026-29848 · Tp Link Systems+1 · Tapo C520Ws V2.6+1

Published: 2026-04-02 · Updated: 2026-04-29 · CVE-2026-34120

CVSS v4.0: 7.1 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TP-Link Tapo C520WS version 2.6

Description

A heap-based buffer overflow occurs during the asynchronous parsing of local video stream content and the handling of HTTP POST request bodies. This issue stems from insufficient alignment and validation of buffer boundaries when processing streaming inputs and improper boundary checks during memory allocation or copying in the HTTP server component. An attacker on the same network segment can trigger heap memory corruption by sending crafted payloads, leading to a Denial-of-Service (DoS) condition where the device process crashes or becomes unresponsive. Depending on the architectural context, this could also lead to information disclosure or remote code execution.

Recommendations

Update the device to a version that addresses this issue once the vendor update becomes available. Implement network segmentation to limit exposure of management interfaces. Monitor device logs for unusual or malformed HTTP POST requests.

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-34120

Affected Products

Tapo C520Ws V2.6
Tapo C520Ws Firmware