PT-2026-30216 · CVE-2026-34123
Published: 2026-04-03 · Updated: 2026-04-03
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
⚠️ Vulnerability Alert: Multiple Buffer Overflow and Auth Bypass Vulnerabilities in TP-Link Tapo C520WS (CVE-2026-34118 through CVE-2026-34124)
📅 Timeline: Disclosure: 2026-04-02; Patch: Not stated
🆔 CVE-2026-34118 | 📊 CVSS: 7.1 (HIGH 🟠)
🆔 CVE-2026-34119 | 📊 CVSS: 7.1 (HIGH 🟠)
🆔 CVE-2026-34120 | 📊 CVSS: 7.1 (HIGH 🟠)
🆔 CVE-2026-34121 | 📊 CVSS: 8.7 (HIGH 🟠)
🆔 CVE-2026-34122 | 📊 CVSS: 7.1 (HIGH 🟠)
🆔 CVE-2026-34123
🆔 CVE-2026-34124 | 📊 CVSS: 7.1 (HIGH 🟠)
🛠️ Exploit Maturity: Not Available
🔧 Fixed Versions: Patched by TP-Link (vendor firmware update; specific fixed version not stated)
🫨 Attack Vectors:
- Adjacent network (same network segment) — crafted HTTP requests
- Unauthenticated HTTP request / authorization bypass (CVE-2026-34121)
- Streaming/local video request parsing vectors
📝 Summary:
Multiple heap- and stack-based buffer overflows in Tapo C520WS allow adjacent-network attackers to trigger crashes/DoS and potentially escalate to remote code execution depending on exploitability. Separately, CVE-2026-34121 is an unauthenticated authorization bypass that permits unauthorized configuration changes.
📈 Impact Scope: Widely deployed Tapo C520WS devices in homes and businesses — risks include device outages, unauthorized configuration changes, privacy exposure, and potential lateral compromise if memory-corruption flaws are weaponized.
🛡️ Recommended Actions:
- Apply the TP-Link firmware update immediately when available and verify device versions
- Isolate cameras on a dedicated VLAN and restrict HTTP/management access
- Block or limit HTTP access from untrusted networks and the internet
- Monitor device logs and network traffic for abnormal HTTP requests and repeated crashes
- Maintain an inventory of affected devices and consider temporary removal from sensitive networks if you cannot patch
🏷 Tags: #Cybersecurity #IoT #TapoC520WS