CVE-2026-1315

Name of the Vulnerable Software and Affected Versions Tapo C220 version 1 Tapo C520WS version 2

Description Sending specially crafted files to the firmware update endpoint can cause the device to terminate core system services before authentication or firmware integrity is verified. This allows an unauthenticated attacker to trigger a persistent denial of service, requiring a manual reboot or application-initiated restart to restore normal device operation. The affected API endpoint is the firmware update endpoint.

Recommendations For Tapo C220 version 1, avoid using the firmware update endpoint. For Tapo C520WS version 2, avoid using the firmware update endpoint.