CVE-2026-6250: CWE-134 Use of Externally-Controlled format string in TP-Link Systems Inc. Tapo C110 v2
CVE-2026-6250 is an authenticated format string vulnerability in the ONVIF service of TP-Link Tapo C110 v2. It arises from improper handling of user-controlled input, allowing manipulation of stack memory and control flow data. A remote authenticated attacker can exploit this to trigger an unauthorized factory reset, causing loss of configuration, deletion of stored credentials, and service disruption.
AI Analysis
Technical Summary
This vulnerability (CWE-134) in TP-Link Tapo C110 v2's ONVIF service allows an authenticated attacker to supply externally controlled data interpreted as a format string. This can corrupt stack memory, including return addresses, enabling redirection of execution flow to internal functions. Exploitation can lead to an unauthorized factory reset, resulting in loss of device configuration, stored credentials, and disruption of service. The CVSS v4.0 base score is 7.0, indicating high severity. No patch or official remediation has been disclosed by the vendor as of the publication date.
Potential Impact
Exploitation requires authentication but allows an attacker to forcibly reset the device to factory defaults. This results in loss of all configuration settings and stored credentials, causing service disruption and potential operational impact until the device is reconfigured.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the ONVIF service to trusted users only and monitor for suspicious authenticated activity. No official fix or temporary workaround has been published by the vendor at this time.
CVE-2026-6250: CWE-134 Use of Externally-Controlled format string in TP-Link Systems Inc. Tapo C110 v2
Description
CVE-2026-6250 is an authenticated format string vulnerability in the ONVIF service of TP-Link Tapo C110 v2. It arises from improper handling of user-controlled input, allowing manipulation of stack memory and control flow data. A remote authenticated attacker can exploit this to trigger an unauthorized factory reset, causing loss of configuration, deletion of stored credentials, and service disruption.
CVSS v4.0
Score 7.0high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-134) in TP-Link Tapo C110 v2's ONVIF service allows an authenticated attacker to supply externally controlled data interpreted as a format string. This can corrupt stack memory, including return addresses, enabling redirection of execution flow to internal functions. Exploitation can lead to an unauthorized factory reset, resulting in loss of device configuration, stored credentials, and disruption of service. The CVSS v4.0 base score is 7.0, indicating high severity. No patch or official remediation has been disclosed by the vendor as of the publication date.
Potential Impact
Exploitation requires authentication but allows an attacker to forcibly reset the device to factory defaults. This results in loss of all configuration settings and stored credentials, causing service disruption and potential operational impact until the device is reconfigured.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the ONVIF service to trusted users only and monitor for suspicious authenticated activity. No official fix or temporary workaround has been published by the vendor at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TPLink
- Date Reserved
- 2026-04-13T18:44:25.412Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2b2918815e7002b834188e
Added to database: 6/11/2026, 9:31:04 PM
Last enriched: 6/11/2026, 9:44:58 PM
Last updated: 6/11/2026, 10:50:47 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.