CVE-2026-34124

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C520WS version 2.6

Description A stack buffer overflow exists in the HTTP server due to improper HTTP request path parsing logic. While length restrictions are enforced on the raw request path, the system fails to account for path expansion during normalization. An attacker on the adjacent network can send crafted HTTP GET or POST requests to cause memory corruption and buffer overflow, resulting in process termination, system interruption, or device reboot, leading to a denial-of-service (DoS) condition.

Recommendations Update the firmware of TP-Link Tapo C520WS version 2.6 to the latest official release. Implement robust input validation at network perimeters to filter malformed HTTP traffic.