Details of VAR-202512-2524

ID

VAR-202512-2524

CVE

CVE-2025-8065

TITLE

TP-LINK Technologies of tapo c200 Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328

DESCRIPTION

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS). Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-8065 // JVNDB: JVNDB-2025-024328

AFFECTED PRODUCTS

vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.4	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.13	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.5	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.3	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.15	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.4.4	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.9	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.7	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.11	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.3.14	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.14	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.4.1	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.7	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.4.4	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.3	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.5	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.4	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.11	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.15	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.9	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.3.13	Trust: 0.8
vendor:	tp link	model:	tapo c200	scope:	eq	version:	tapo c200 firmware 1.4.2	Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-8065
value:	MEDIUM
Trust: 1.0
f23511db-6c3e-4e32-a477-6aa17d310630:	CVE-2025-8065
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-8065
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2025-8065
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2025-8065
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065 // NVD: CVE-2025-8065

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8
problemtype:	Resource exhaustion (CWE-400) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

PATCH

title:

Security Advisory on Vulnerabilities in Tapo C200 (CVE-2025-8065, CVE-2025-14299 & CVE-2025-14300) | TP-Link

url:

https://www.tp-link.com/us/support/faq/4849/

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328

EXTERNAL IDS

db:	NVD	id:	CVE-2025-8065	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-024328	Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

REFERENCES

url:	https://www.tp-link.com/us/support/download/tapo-c200/v3/#firmware-release-notes	Trust: 1.8
url:	https://www.tp-link.com/us/support/faq/4849/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-8065	Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

SOURCES

db:	JVNDB	id:	JVNDB-2025-024328
db:	NVD	id:	CVE-2025-8065

LAST UPDATE DATE

2026-01-14T23:53:51.576000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-024328	date:	2026-01-13T05:53:00
db:	NVD	id:	CVE-2025-8065	date:	2026-01-08T19:38:13.970

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-024328	date:	2026-01-13T00:00:00
db:	NVD	id:	CVE-2025-8065	date:	2025-12-20T01:16:05.410