Critical TP-Link Flaws Enable Attackers to Crash Routers and Cause DoS

TP-Link has patched a set of severe security vulnerabilities affecting the Tapo C520WS outdoor security camera, a widely used device for home and business surveillance.

The flaws tracked as CVE-2026-34118 through CVE-2026-34124 range from heap and stack-based buffer overflows to a critical authentication bypass, all of which can be exploited by attackers on the same network segment to crash the device or seize unauthorized control.

Heap-Based Buffer Overflows

Three of the disclosed vulnerabilities stem from the device’s failure to enforce proper memory boundary checks when processing HTTP and video streaming inputs.

In each case, an adjacent attacker can send specially crafted payloads that force the system to write data outside its allocated memory space, triggering heap corruption and a Denial-of-Service (DoS) condition that crashes or freezes the camera’s core processes.

• CVE-2026-34118 targets the HTTP POST parsing logic, where missing capacity checks after dynamic memory allocation allow unbounded writes.
• CVE-2026-34119 occurs in the HTTP parsing loop when segmented request bodies are appended without write boundary verification.
• CVE-2026-34120 affects asynchronous parsing of local video streams due to inadequate boundary validation on streaming inputs.

All three vulnerabilities carry a CVSS v4.0 severity score of 7.1.

Authentication Bypass (CVE-2026-34121)

The most critical flaw in this advisory is an authentication bypass in the camera’s DS configuration service.

The vulnerability arises from inconsistent authorization logic when the system parses JSON requests during authentication.

An unauthenticated attacker can attach a no-login-required action to a request embedding restricted configuration commands, effectively tricking the device into bypassing its own authorization checks entirely.

Successful exploitation grants the attacker the ability to execute privileged commands and modify device state without any valid credentials. This flaw holds the highest severity in the batch with a CVSS v4.0 score of 8.7.

Stack-Based Buffer Overflow (CVE-2026-34122)

A stack-based buffer overflow exists in the DS configuration service due to poor input validation.

Submitting an unusually long value for a specific configuration parameter triggers the overflow, causing service crashes or a forced device reboot, abruptly cutting off video surveillance. CVSS v4.0 score: 7.1.

Path Expansion Overflow (CVE-2026-34124)

The final vulnerability exploits a gap in HTTP request path parsing. While raw path lengths are capped, the device fails to account for additional length introduced during path normalization.

An adjacent attacker can send a manipulated HTTP request that expands beyond memory limits, causing buffer overflow, memory corruption, and a forced camera reboot. CVSS v4.0 score: 7.1.

These vulnerabilities specifically affect the TP-Link Tapo C520WS v2.6 running firmware versions older than 1.2.4 Build 260326 Rel.24666n.

TP-Link strongly urges all users to update their firmware immediately via the device’s management interface or the Tapo mobile application.

Patches are also available directly from TP-Link’s official support website. Keeping IoT devices updated remains the most effective defense against network intrusion and surveillance disruption.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Critical TP-Link Flaws Enable Attackers to Crash Routers and Cause DoS appeared first on Cyber Security News.