NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-6250

Summary	An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption.
Publication Date	June 12, 2026, 7:16 a.m.
Registration Date	June 13, 2026, 4:16 a.m.
Last Update	June 13, 2026, 1:06 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.tp-link.com/en/support/download/tapo-c110/v2/#Firmware-Release-Notes	f23511db-6c3e-4e32-a477-6aa17d310630
2	https://www.tp-link.com/kr/support/download/tapo-c110/v2/#Firmware-Release-Notes	f23511db-6c3e-4e32-a477-6aa17d310630
3	https://www.tp-link.com/us/support/download/tapo-c110/v2/#Firmware-Release-Notes	f23511db-6c3e-4e32-a477-6aa17d310630
4	https://www.tp-link.com/us/support/faq/5128/	f23511db-6c3e-4e32-a477-6aa17d310630

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-134	書式文字列の問題	https://cwe.mitre.org/data/definitions/134.html