PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-6239 TP-Link Systems Inc. CVE debrief

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service. The device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive number of user entries to trigger memory corruption. Successful exploitation may cause the ONVIF management service to terminate unexpectedly, resulting in a denial-of-service (DoS) condition that disrupts device configuration and management functions.

Vendor: TP-Link Systems Inc.
Product: Tapo C520WS v2
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-06
Original CVE updated: 2026-06-08
Advisory published: 2026-06-06
Advisory updated: 2026-06-08

Who should care

Users of Tapo C520WS v2 should apply patches or mitigations to prevent exploitation.

Technical summary

The vulnerability has a CVSS score of 6.8 and is classified as MEDIUM severity. It can be exploited by an authenticated attacker sending a crafted ONVIF request.
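The bug class described in the advisory, a fixed-size stack table filled from an unbounded list of user nodes, is illustrated below with the node-count check in place. This is an added example, not TP-Link firmware code: the table size, struct, function names and the simplified tag-only request body are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USERS 8   /* hypothetical capacity of the fixed user table */
#define NAME_LEN  32  /* hypothetical maximum username size incl. NUL  */

struct user { char name[NAME_LEN]; };

/* Copies each <Username> value from a simplified request body into a
 * fixed-size table. Returns the number stored, or -1 when the request is
 * malformed, has more entries than the table holds, or a name is too long. */
int parse_users(const char *body, struct user *out, size_t cap)
{
    static const char otag[] = "<Username>", ctag[] = "</Username>";
    size_t n = 0;
    const char *p = body;

    while ((p = strstr(p, otag)) != NULL) {
        p += sizeof(otag) - 1;
        const char *end = strstr(p, ctag);
        if (end == NULL)
            return -1;                      /* unterminated element */
        size_t len = (size_t)(end - p);
        /* Bound the node count before writing out[n]; without this check
         * the entry after the last slot is written past the stack array. */
        if (n >= cap || len >= NAME_LEN)
            return -1;
        memcpy(out[n].name, p, len);
        out[n].name[len] = '\0';
        n++;
        p = end + sizeof(ctag) - 1;
    }
    return (int)n;
}

/* Builds a constructed body with `count` user entries and parses it
 * into a stack table, as a request handler would. */
int parse_generated(int count)
{
    char body[4096] = "";
    struct user table[MAX_USERS];
    size_t used = 0;
    for (int i = 0; i < count; i++) {
        int w = snprintf(body + used, sizeof(body) - used,
                         "<User><Username>u%d</Username></User>", i);
        if (w < 0 || (size_t)w >= sizeof(body) - used)
            return -2;                      /* sample body too large */
        used += (size_t)w;
    }
    return parse_users(body, table, MAX_USERS);
}
```

A request within the table's capacity returns the stored count; one entry over the capacity is rejected before any out-of-bounds write.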

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the vulnerability.
  • Restrict access to the ONVIF CreateUsers service to only trusted users.
  • Monitor device logs for suspicious activity.

Evidence notes

The CVE record and NVD detail pages provide additional information about the vulnerability.

Official resources

CVE-2026-6239 was published on 2026-06-06T00:16:40.977Z and modified on 2026-06-08T15:01:06.580Z.