PatchSiren cyber security CVE debrief
CVE-2026-6240 TP-Link Systems Inc. CVE debrief
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers to overflow stack memory. Successful exploitation may result in a service crash or deadlock, leading to DoS affecting device management and monitoring functionality.
- Vendor: TP-Link Systems Inc.
- Product: Tapo C520WS v2
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-06
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-06
- Advisory updated: 2026-06-08
Who should care
Users of Tapo C520WS v2 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has a CVSS score of 6.8 and is classified as MEDIUM severity. It was published on [2026-06-06](https://www.cve.org/CVERecord?id=CVE-2026-6240) and last modified on [2026-06-08](https://nvd.nist.gov/vuln/detail/CVE-2026-6240).
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor.
- Restrict access to the ONVIF DeleteUsers service.
- Monitor device management and monitoring functionality for anomalies.
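One way to enforce the access restriction above at a gateway or reverse proxy in front of the camera, as an added example (not vendor or PatchSiren code): it rejects ONVIF DeleteUsers calls that carry more identifiers than a local policy allows. The limits, the function names `check_delete_users` and `soap`, and the sample requests are assumptions constructed for illustration; the advisory does not state the count at which the device fails.

```python
import xml.etree.ElementTree as ET

TDS = "http://www.onvif.org/ver10/device/wsdl"  # ONVIF device-management namespace
MAX_USERNAMES = 8        # assumed policy limit, not the device's failure threshold
MAX_NAME_LEN = 64        # assumed policy limit
MAX_BODY_BYTES = 16384   # assumed policy limit


def check_delete_users(body: bytes):
    """Return (allow, reason) for one request body sent to the ONVIF device service."""
    if len(body) > MAX_BODY_BYTES:
        return False, "body too large"
    # SOAP messages must not carry a DTD; refuse before parsing untrusted XML.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return False, "DTD not allowed in SOAP"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, "malformed XML"
    ops = list(root.iter(f"{{{TDS}}}DeleteUsers"))
    if not ops:
        return True, "not a DeleteUsers call"
    if len(ops) > 1:
        return False, "multiple DeleteUsers elements"
    names = [u.text or "" for u in ops[0].iter(f"{{{TDS}}}Username")]
    if len(names) > MAX_USERNAMES:
        return False, f"{len(names)} identifiers exceeds limit"
    if any(len(n) > MAX_NAME_LEN for n in names):
        return False, "identifier too long"
    return True, f"{len(names)} identifiers"


def soap(usernames):
    """Build a constructed sample request (not captured traffic)."""
    items = "".join(f"<tds:Username>{u}</tds:Username>" for u in usernames)
    return (
        '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
        f'xmlns:tds="{TDS}"><s:Body><tds:DeleteUsers>{items}'
        "</tds:DeleteUsers></s:Body></s:Envelope>"
    ).encode()


if __name__ == "__main__":
    for sample in (["alice", "bob"], [f"user{i}" for i in range(9)]):
        print(check_delete_users(soap(sample)))
```

Logging every rejected request with its source address also covers the monitoring action, since a blocked oversized DeleteUsers call from an authenticated client is itself an anomaly worth reviewing.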
Evidence notes
The vendor is likely TP-Link, based on the provided evidence.
Official resources
- CVE-2026-6240 CVE record (CVE.org)
- CVE-2026-6240 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: f23511db-6c3e-4e32-a477-6aa17d310630
CVE-2026-6240 was published on 2026-06-06T00:16:41.103Z and last modified on 2026-06-08T15:01:06.580Z.