CVE-2026-12760: CWE-770 Allocation of resources without limits or throttling in TP-Link Systems Inc. Tapo C200 v3
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.
AI Analysis
Technical Summary
CVE-2026-12760 is a high-severity vulnerability affecting the TP-Link Tapo C200 v3 camera. It arises from improper handling of IPv4 fragmented packets in the network packet processing logic, leading to allocation of resources without limits or throttling (CWE-770). An unauthenticated attacker on the adjacent network can send specially crafted fragmented packets to exhaust device resources, causing a temporary denial-of-service condition. This disrupts the camera's normal operation, resulting in loss of video monitoring and recording capabilities. No patch or official remediation has been disclosed yet, and no known exploits are reported in the wild.
Potential Impact
The vulnerability allows an unauthenticated adjacent attacker to cause excessive resource consumption on the affected device, leading to instability and temporary denial-of-service. This results in the camera becoming unresponsive and intermittent loss of video monitoring and recording, impacting the availability of the security device.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the device from untrusted adjacent networks to reduce exposure to crafted IPv4 fragmented packets.
CVE-2026-12760: CWE-770 Allocation of resources without limits or throttling in TP-Link Systems Inc. Tapo C200 v3
Description
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.
CVSS v4.0
Score 7.1high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-12760 is a high-severity vulnerability affecting the TP-Link Tapo C200 v3 camera. It arises from improper handling of IPv4 fragmented packets in the network packet processing logic, leading to allocation of resources without limits or throttling (CWE-770). An unauthenticated attacker on the adjacent network can send specially crafted fragmented packets to exhaust device resources, causing a temporary denial-of-service condition. This disrupts the camera's normal operation, resulting in loss of video monitoring and recording capabilities. No patch or official remediation has been disclosed yet, and no known exploits are reported in the wild.
Potential Impact
The vulnerability allows an unauthenticated adjacent attacker to cause excessive resource consumption on the affected device, leading to instability and temporary denial-of-service. This results in the camera becoming unresponsive and intermittent loss of video monitoring and recording, impacting the availability of the security device.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the device from untrusted adjacent networks to reduce exposure to crafted IPv4 fragmented packets.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TPLink
- Date Reserved
- 2026-06-19T21:06:11.577Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3c2387748d17fc4ff2f75b
Added to database: 06/24/2026, 18:35:51 UTC
Last enriched: 06/24/2026, 18:50:42 UTC
Last updated: 06/24/2026, 20:10:58 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.