CVE-2026-34123— Whitelist Validation Bypass in TP-Link Tapo C520WS
Possible ATT&CK Techniques 1AI
T1548.002 · Bypass User Account ControlAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | Tapo C520WS v2 | < 1.2.6 Build 260528 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34123
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Whitelist Validation Bypass in TP-Link Tapo C520WS
Source: NVD (National Vulnerability Database)
Vulnerability Description
On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass whitelist restrictions, allowing restricted operations to be masked as permitted requests and executed. Successful exploitation may allow an attacker (with access to a restricted account) to execute unauthorized sensitive operations. Depending on the operation invoked, impact could include device resets, unintended configuration changes, or disruption of normal operation, leading to loss of availability and integrity of the device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
TP-Link Tapo C520WS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TP-Link Tapo C520WS是中国普联(TP-Link)公司的一个WiFi摄像头。 TP-Link Tapo C520WS v2存在安全漏洞,该漏洞源于设备API授权机制存在逻辑缺陷,可能导致攻击者利用合法方法映射行为绕过白名单限制,将受限操作伪装为允许请求执行,可能导致未授权的敏感操作,包括设备重置、意外配置更改或正常操作中断,导致设备可用性和完整性丧失。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TP-Link Systems Inc. | Tapo C520WS v2 | 0 ~ 1.2.6 Build 260528 | - |
II. Public POCs for CVE-2026-34123
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34123
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-34123 (1)
Same Patch Batch · TP-Link Systems Inc. · 2026-06-05 · 6 CVEs total
| CVE-2026-6240 | Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C52 | |
| CVE-2026-6239 | Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520 | |
| CVE-2026-6241 | Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS | |
| CVE-2026-6242 | Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520W | |
| CVE-2026-8714 | Denial-of-Service Vulnerability in RTSP Input Handling on TP-Link's Tapo C520WS |
IV. Related Vulnerabilities
Same product: Tapo C520WS v2
- CVE-2026-6242
Authenticated Format String Vulnerability in ONVIF Subscribe - CVE-2026-6241
Authenticated Format String Vulnerability in ONVIF AddScopes - CVE-2026-6240
Authenticated Stack-based Buffer Overflow in ONVIF DeleteUse - CVE-2026-6239
Authenticated Stack-based Buffer Overflow in ONVIF CreateUse - CVE-2026-8714
Denial-of-Service Vulnerability in RTSP Input Handling on TP
Same vendor: TP-Link Systems Inc.
- CVE-2026-11409
OS Command Injection in IPv6 PPPoE Configuration in TP-Link - CVE-2026-11410
OS Command Injection in BigPond Cable (BPA) Configuration in - CVE-2026-6250
Authenticated Format String Injection on TP-Link Tapo C110 - CVE-2026-9151
Command Injection Vulnerability in OpenVPN on Multiple TP-Li - CVE-2026-8913
Command Injection in TP-Link's Archer MR600 WireGuard Client
Same weakness: CWE-287
- CVE-2026-32174
Azure Bot Service Elevation of Privilege Vulnerability - CVE-2026-49454
Relyra SAML SignatureValue not cryptographically verified -> - CVE-2026-11718
googleapis/mcp-toolbox令牌验证绕过漏洞 - CVE-2026-11717
Googleapis MCP Toolbox鉴权绕过漏洞 - CVE-2026-48991
XianYuLauncher: Legacy Microsoft account OAuth sign-in flow
V. Comments for CVE-2026-34123
No comments yet