Shodan
Vulnerabilities
Vulnerable Software
Tp-Link:  >> Tapo C200 Firmware  Security Vulnerabilities
CVE-2025-8065
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-20
CVE-2025-14300
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).
CVSS Score
8.1
EPSS Score
0.001
Published
2025-12-20
CVE-2025-14299
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-20
CVE-2023-49515
Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.
CVSS Score
4.6
EPSS Score
0.001
Published
2024-01-17
CVE-2023-27126
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.
CVSS Score
4.6
EPSS Score
0.0
Published
2023-06-06
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
CVSS Score
9.8
EPSS Score
0.884
Published
2022-03-10
CVE-2020-11445
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved