CVE-2026-1871: CWE-121 Stack-based buffer overflow in TP-Link Systems Inc. Tapo C200 v5
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
AI Analysis
Technical Summary
CVE-2026-1871 is a stack-based buffer overflow vulnerability (CWE-121) in the RTSP authentication component of TP-Link Tapo C200 v5 cameras. The issue arises from improper validation of the length of the Authorization header field in RTSP requests. A crafted authentication request can trigger this overflow, causing the RTSP service process to crash and the device to reboot automatically. This leads to a denial of service condition by interrupting legitimate user access to the camera's live video stream and management functions. The vulnerability has a CVSS 4.0 base score of 7.1, indicating high severity. No patch or official remediation guidance is currently available, and no known exploits in the wild have been reported.
Potential Impact
Successful exploitation results in a denial of service by crashing the RTSP core service and forcing an automatic reboot of the device. This disrupts legitimate user access to live video streaming and management interfaces until the system recovers. There is no indication of privilege escalation, data disclosure, or remote code execution from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting exposure of the RTSP service to untrusted networks to reduce the risk of exploitation. Monitor vendor communications for updates on patches or mitigations.
CVE-2026-1871: CWE-121 Stack-based buffer overflow in TP-Link Systems Inc. Tapo C200 v5
Description
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
CVSS v4.0
Score 7.1high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-1871 is a stack-based buffer overflow vulnerability (CWE-121) in the RTSP authentication component of TP-Link Tapo C200 v5 cameras. The issue arises from improper validation of the length of the Authorization header field in RTSP requests. A crafted authentication request can trigger this overflow, causing the RTSP service process to crash and the device to reboot automatically. This leads to a denial of service condition by interrupting legitimate user access to the camera's live video stream and management functions. The vulnerability has a CVSS 4.0 base score of 7.1, indicating high severity. No patch or official remediation guidance is currently available, and no known exploits in the wild have been reported.
Potential Impact
Successful exploitation results in a denial of service by crashing the RTSP core service and forcing an automatic reboot of the device. This disrupts legitimate user access to live video streaming and management interfaces until the system recovers. There is no indication of privilege escalation, data disclosure, or remote code execution from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting exposure of the RTSP service to untrusted networks to reduce the risk of exploitation. Monitor vendor communications for updates on patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TPLink
- Date Reserved
- 2026-02-04T00:03:47.430Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1f1074e29bf47b50e96282
Added to database: 6/2/2026, 5:18:44 PM
Last enriched: 6/2/2026, 5:33:58 PM
Last updated: 6/3/2026, 5:09:41 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.