CVE-2026-6241 | An authenticated format string vulnerability is present in t… | CVSS 6.8 MEDIUM

Description

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory handling behavior. Successful exploitation may cause the ONVIF management service to crash, resulting in DoS condition that impacts normal device operation.

Metadata

CVE ID: CVE-2026-6241
State: PUBLISHED
Assigner: TPLink
Reserved: 2026-04-13 17:10 UTC
Published: 2026-06-05 23:52 UTC
Last updated: 2026-06-08 13:06 UTC
Primary CWE: CWE-134
CWE-134 Use of Externally-Controlled format string
Vendor / Product: TP-Link Systems Inc. / Tapo C520WS v2
Sources: cve.org · NVD

Severity & Metrics

6.8 MEDIUM CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
TP-Link Systems Inc.	Tapo C520WS v2	—	0 < 1.2.6 Build 260528

Weakness (CWE)

CWE	Source	Description
CWE-134	cna	CWE-134 Use of Externally-Controlled format string

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.8	MEDIUM	4.0	cna	CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References (3)