← Back

CVE-2025-8065

nvd nist
Published: Dec 20, 2025Modified: Apr 3, 2026

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: f23511db-6c3e-4e32-a477-6aa17d310630 (Secondary)

Description

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated privileges, leading to full compromise of the device.

Affected (12)

Tp Link
1 product
Tapo C200 Firmware
Configuration A
12 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tp Link
Tapo C200 Firmware
Version 1.3.11 build_231115
Tapo C200 Firmware
Version 1.3.13 build_240327
Tapo C200 Firmware
Version 1.3.14 build_240513
Tapo C200 Firmware
Version 1.3.15 build_240715
Tapo C200 Firmware
Version 1.3.3 build_230228
Tapo C200 Firmware
Version 1.3.4 build_230424
Tapo C200 Firmware
Version 1.3.5 build_230717
Tapo C200 Firmware
Version 1.3.7 build_230920
Tapo C200 Firmware
Version 1.3.9 build_231019
Tapo C200 Firmware
Version 1.4.1 build_241212
Tapo C200 Firmware
Version 1.4.2 build_250313
Tapo C200 Firmware
Version 1.4.4 build_250922
Running on/withPlatform Versions
Tp Link
Tapo C200
Version 3

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (5)

Source: f23511db-6c3e-4e32-a477-6aa17d310630
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Release Notes
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Vendor Advisory

Timeline

No history available yet.