Security Advisory on Vulnerabilities in Tapo C200 (CVE-2025-8065, CVE-2025-14299 & CVE-2025-14300)
Vulnerabilities Description and Impacts:
The following vulnerabilities were identified in Tapo C200 V3:
CVE-2025-8065: Buffer Overflow in ONVIF XML Parser
- A Buffer Overflow in ONVIF XML parsing can be triggered by an attacker sending specially crafted SOAP XML requests.
- An unauthenticated attacker on the same local network segment can exploit this to crash the device, causing a denial-of-service (DoS).
CVSS v4.0 Score: 7.1 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-14299: Improper Content-Length Validation in HTTPS Requests
- The HTTPS server does not properly validate the Content-Length header, which could lead to an Integer Overflow.
- An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to crash the device, resulting in DoS.
CVSS v4.0 Score: 7.1 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
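The kind of Content-Length validation that guards against this class of integer overflow is sketched below. It is an added example, not TP-Link's code or a reconstruction of the camera firmware. The function name `parse_content_length` and the 64 KiB cap `MAX_BODY_BYTES` are assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumed policy limit for this example; a real server chooses its own cap. */
#define MAX_BODY_BYTES (64u * 1024u)

/* Parse a Content-Length header value. Returns 0 and stores the length on
 * success, -1 if the value is malformed, out of range, or above the cap. */
int parse_content_length(const char *value, size_t *out_len)
{
    if (value == NULL || out_len == NULL)
        return -1;

    /* Skip optional whitespace that may precede a header value. */
    while (*value == ' ' || *value == '\t')
        value++;

    /* Require a digit first: strtoull would otherwise accept "+5" or "-1",
     * and "-1" silently wraps to ULLONG_MAX. */
    if (!isdigit((unsigned char)*value))
        return -1;

    errno = 0;
    char *end = NULL;
    unsigned long long n = strtoull(value, &end, 10);
    if (errno == ERANGE)
        return -1;              /* value does not fit in unsigned long long */

    /* Allow trailing whitespace only; reject "12abc" or "12, 34". */
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')
        return -1;

    /* Enforce the cap before any arithmetic such as n + 1 for a terminator,
     * and before narrowing to size_t or int, so later sizes cannot wrap. */
    if (n > MAX_BODY_BYTES)
        return -1;

    *out_len = (size_t)n;
    return 0;
}
```

A caller should answer a `-1` result with an HTTP 400 or 413 response and close the connection instead of allocating or reading a body.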
CVE-2025-14300: Unauthenticated Access to connectAP API Endpoint
- The HTTPS Service exposes a connectAP interface without proper authentication.
- An unauthenticated attacker on the same local network segment can modify the device’s Wi-Fi configuration, resulting in loss of connectivity and DoS.
CVSS v4.0 Score: 8.7 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
| Affected Product Model | Related Vulnerabilities | Affected Version |
|---|---|---|
| Tapo C200 V3 | CVE-2025-8065, CVE-2025-14299, CVE-2025-14300 | < Tapo C200(US)_V3_1.4.5 Build 251104 |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Check for the update in the Tapo mobile application and install it to fix the vulnerabilities.
Download for Tapo C200 | TP-Link
Disclaimer:
If you do not take all of the recommended actions, this vulnerability concern will remain. TP-Link will not bear any responsibility for the consequences that could have been avoided by following the recommended actions in this statement.