Security Advisory: Authenticated Format String Injection on Tapo C110 (CVE-2026-6250)
Vulnerability and Impact Description:
CVE-2026-6250
An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses.
A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption.
CVSS v4.0 Score: 7.0 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
| Affected Product Model | Affected Version |
| --- | --- |
| Tapo C110 v2 | < 1.5.4 Build 260428 Rel.64344n |
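To check a device inventory against the affected range in the table above, the following added example (not TP-Link code) classifies each record by firmware string. It assumes firmware strings follow the layout shown in the table and that versions order by version number and then build number; the inventory field names and sample records are constructed for illustration.

```python
import re

# Fixed firmware taken from the advisory's table; lower versions are affected.
FIXED_FIRMWARE = "1.5.4 Build 260428 Rel.64344n"

# Assumed layout: "<major>.<minor>.<patch> Build <6-digit build> Rel.<id>"
_FW_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{6})", re.IGNORECASE)


def parse_firmware(text):
    """Return (major, minor, patch, build) as ints, or None if unrecognised."""
    m = _FW_RE.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(device):
    """Classify one inventory record against the advisory's affected range."""
    model = device.get("model", "").strip().lower()
    hw = device.get("hw", "").strip().lower().lstrip("v")
    if model != "tapo c110" or hw.split(".")[0] != "2":
        return "not-applicable"
    fw = parse_firmware(device.get("firmware"))
    if fw is None:
        return "unknown"  # cannot prove it is patched: review by hand
    return "affected" if fw < parse_firmware(FIXED_FIRMWARE) else "fixed"


def triage(inventory):
    """Map each status to the list of device names that fall under it."""
    result = {"affected": [], "fixed": [], "unknown": [], "not-applicable": []}
    for device in inventory:
        result[classify(device)].append(device["name"])
    return result


# Constructed sample inventory (names and the older firmware strings are made up).
SAMPLE_INVENTORY = [
    {"name": "cam-lobby", "model": "Tapo C110", "hw": "v2", "firmware": "1.5.2 Build 250110 Rel.40012n"},
    {"name": "cam-dock", "model": "Tapo C110", "hw": "v2", "firmware": "1.5.4 Build 260315 Rel.50001n"},
    {"name": "cam-gate", "model": "Tapo C110", "hw": "v2", "firmware": "1.5.4 Build 260428 Rel.64344n"},
    {"name": "cam-lab", "model": "Tapo C110", "hw": "2.0", "firmware": ""},
    {"name": "cam-old", "model": "Tapo C110", "hw": "v1", "firmware": "1.3.0 Build 240101 Rel.10000n"},
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status:15} {', '.join(names) or '-'}")
```

Records that land in `unknown` should be treated as unpatched until the firmware version is confirmed on the device.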
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Follow the instructions to update to the latest firmware version to fix the vulnerability:
US: Download for Tapo C110 | TP-Link
EN: Download for Tapo C110 | TP-Link
KR: Download for Tapo C110 | TP-Link Korea
Disclaimer:
This advisory is provided for informational purposes only and is subject to change without notice. The information is provided “as is” without warranties of any kind. TP-Link recommends that customers promptly apply available firmware updates or implement documented workarounds as provided in this advisory. Devices/systems that are not updated or mitigated as described may remain vulnerable, and TP-Link disclaims any responsibility or liability for any damages or losses arising from a failure to implement such updates.