Tp-link Tapo_c260_firmware
3 CVEs affecting Tp-link Tapo_c260_firmware. Latest disclosed: 2026-02-10. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-0652 | High | 8.8 | 2026-02-10 | On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. A… |
CVE-2026-0651 | High | 7.8 | 2026-02-10 | A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server perfo… |
CVE-2026-0653 | Medium | 6.5 | 2026-02-10 | On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization… |