CVE-2026-12760
published 2026-06-24CVE-2026-12760: A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented…
PriorityP429medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
EPSS
0.22%
12.7th percentile
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link | tapo_c200_firmware | — | — |
| tp-link_systems_inc | tapo_c200_v3 | < 1.4.4 Build 250922 | 1.4.4 Build 250922 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.07.1HIGHCVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
TP-Link Tapo C200 v3 allocation of resources
vuldb·2026-06-24·CVSS 7.1
CVE-2026-12760 [HIGH] TP-Link Tapo C200 v3 allocation of resources
A vulnerability categorized as critical has been discovered in TP-Link Tapo C200 v3. This vulnerability affects unknown code. Executing a manipulation can lead to allocation of resources.
This vulnerability is handled as CVE-2026-12760. The attack can only be done within the local network. There is not any exploit available.
GHSA
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.
ghsa_unreviewed·2026-06-24
CVE-2026-12760 [HIGH] CWE-770 A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-24
Published