CVE-2026-34123— TP-Link Tapo C520WS 安全漏洞

Whitelist Validation Bypass in TP-Link Tapo C520WS

On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass whitelist restrictions, allowing restricted operations to be masked as permitted requests and executed. Successful exploitation may allow an attacker (with access to a restricted account) to execute unauthorized sensitive operations.  Depending on the operation invoked, impact could include device resets, unintended configuration changes, or disruption of normal operation, leading to loss of availability and integrity of the device.

N/A

认证机制不恰当

TP-Link Tapo C520WS 安全漏洞

TP-Link Tapo C520WS是中国普联（TP-Link）公司的一个WiFi摄像头。 TP-Link Tapo C520WS v2存在安全漏洞，该漏洞源于设备API授权机制存在逻辑缺陷，可能导致攻击者利用合法方法映射行为绕过白名单限制，将受限操作伪装为允许请求执行，可能导致未授权的敏感操作，包括设备重置、意外配置更改或正常操作中断，导致设备可用性和完整性丧失。

N/A

N/A