ID

VAR-202512-2524


CVE

CVE-2025-8065


TITLE

TP-LINK Technologies of tapo c200  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328

DESCRIPTION

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated privileges, leading to full compromise of the device. An unauthenticated attacker on the same local network segment could exploit this vulnerability by sending a specially crafted SOAP XML Sending a request can cause a memory overflow and crash the device, resulting in a denial of service ( DoS ) may occur.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-8065 // JVNDB: JVNDB-2025-024328

AFFECTED PRODUCTS

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.13

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.5

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.11

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.15

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.4

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.3

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.9

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.4.4

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.7

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.4.1

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.14

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.4.2

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.14

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.4.1

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.7

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.4.4

Trust: 0.8

vendor:tp linkmodel:tapo c200scope: - version: -

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.3

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.5

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion: -

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.4

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.11

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.15

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.9

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.13

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.4.2

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-8065
value: MEDIUM

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2025-8065
value: HIGH

Trust: 1.0

NVD: CVE-2025-8065
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2025-8065
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-8065
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065 // NVD: CVE-2025-8065

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

problemtype: Resource exhaustion (CWE-400) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

PATCH

title:Security Advisory on Vulnerabilities in Tapo C200 (CVE-2025-8065, CVE-2025-14299 & CVE-2025-14300) | TP-Linkurl:https://www.tp-link.com/us/support/faq/4849/

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328

EXTERNAL IDS

db:NVDid:CVE-2025-8065

Trust: 2.6

db:JVNDBid:JVNDB-2025-024328

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

REFERENCES

url:https://www.tp-link.com/us/support/download/tapo-c200/v3/#firmware-release-notes

Trust: 1.8

url:https://www.tp-link.com/us/support/download/tapo-c520ws/#firmware-release-notes

Trust: 1.0

url:https://www.tp-link.com/en/support/download/tapo-c520ws/#firmware-release-notes

Trust: 1.0

url:https://www.tp-link.com/us/support/faq/4849/

Trust: 1.0

url:https://www.tp-link.com/en/support/download/tapo-c200/v3/#firmware-release-notes

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-8065

Trust: 0.8

sources: JVNDB: JVNDB-2025-024328 // NVD: CVE-2025-8065

SOURCES

db:JVNDBid:JVNDB-2025-024328
db:NVDid:CVE-2025-8065

LAST UPDATE DATE

2026-04-05T23:38:44.127000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-024328date:2026-01-13T05:53:00
db:NVDid:CVE-2025-8065date:2026-04-03T17:16:41.710

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-024328date:2026-01-13T00:00:00
db:NVDid:CVE-2025-8065date:2025-12-20T01:16:05.410