cbcvebase.
CVE-2026-12760
published 2026-06-24

CVE-2026-12760: A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented…

PriorityP429medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
EPSS
0.22%
12.7th percentile
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.

Affected

12 ranges
VendorProductVersion rangeFixed in
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-linktapo_c200_firmware
tp-link_systems_inctapo_c200_v3< 1.4.4 Build 2509221.4.4 Build 250922

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.07.1HIGHCVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.