CVE-2026-1871— Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200
Possible ATT&CK Techniques 2AI
T1499 · Endpoint Denial of Service T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | Tapo C200 v5 | < 1.4.4 Build 260527 Rel.28339n | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1871
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200
Source: NVD (National Vulnerability Database)
Vulnerability Description
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TP-Link Systems Inc. | Tapo C200 v5 | 0 ~ 1.4.4 Build 260527 Rel.28339n | - |
II. Public POCs for CVE-2026-1871
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1871
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-1871 (1)
Vendor Pages for CVE-2026-1871 (1)
IV. Related Vulnerabilities
Same vendor: TP-Link Systems Inc.
- CVE-2026-34127
Stored Cross-Site Scripting (XSS) via Configuration File Imp - CVE-2026-34126
Bluetooth Communication Uses Unencrypted Transmission During - CVE-2026-8697
Improper Authentication Rate Limiting on TP-Link's Archer C6 - CVE-2026-5509
Arbitrary Command Injection via Browser Developer Console in - CVE-2026-3294
Authentication Logic Vulnerability on Multiple TP-Link Range
Same weakness: CWE-121
V. Comments for CVE-2026-1871
No comments yet