CVE-2026-1315

Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

Description

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.

INFO

Published Date :

2026-01-27T17:53:29.242Z

Last Modified :

2026-01-27T18:11:48.097Z

Source :

TPLink

AFFECTED PRODUCTS

The following products are affected by CVE-2026-1315 vulnerability.

Vendors	Products
Tp-link	Tapo Tapo C220 Tapo C220 Firmware Tapo C220 V1 Tapo C520ws Tapo C520ws Firmware Tapo C520ws V2

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1315.

URL	Resource
https://www.tp-link.com/en/support/download/tapo-c220/v1/
https://www.tp-link.com/en/support/download/tapo-c520ws/v2/
https://www.tp-link.com/us/support/download/tapo-c220/v1.60/
https://www.tp-link.com/us/support/download/tapo-c520ws/v2/
https://www.tp-link.com/us/support/faq/4923/

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact