ID

VAR-202606-4422


CVE

CVE-2026-12760


TITLE

TP-LINK Technologies of tapo c200  Unlimited or Throttling Resource Allocation Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-021616

DESCRIPTION

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.   An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording. - No information handled by the software will be rewritten. - The software may completely shut down

Trust: 1.62

sources: NVD: CVE-2026-12760 // JVNDB: JVNDB-2026-021616

AFFECTED PRODUCTS

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.11

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.9

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.7

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.4

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.13

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.15

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.5

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.3

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.4.2

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.3.14

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:1.4.1

Trust: 1.0

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.11

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.14

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.3

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.4

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.4.1

Trust: 0.8

vendor:tp linkmodel:tapo c200scope: - version: -

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.5

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.15

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.7

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.9

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion: -

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.3.13

Trust: 0.8

vendor:tp linkmodel:tapo c200scope:eqversion:tapo c200 firmware 1.4.2

Trust: 0.8

sources: JVNDB: JVNDB-2026-021616 // NVD: CVE-2026-12760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-12760
value: MEDIUM

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2026-12760
value: HIGH

Trust: 1.0

NVD: CVE-2026-12760
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2026-12760
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2026-12760
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021616 // NVD: CVE-2026-12760 // NVD: CVE-2026-12760

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype:Allocation of resources without limits or throttling (CWE-770) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021616 // NVD: CVE-2026-12760

PATCH

title:Security Advisoryurl:https://www.tp-link.com/us/support/faq/5143/

Trust: 0.8

sources: JVNDB: JVNDB-2026-021616

EXTERNAL IDS

db:NVDid:CVE-2026-12760

Trust: 2.6

db:JVNDBid:JVNDB-2026-021616

Trust: 0.8

sources: JVNDB: JVNDB-2026-021616 // NVD: CVE-2026-12760

REFERENCES

url:https://www.tp-link.com/us/support/download/tapo-c200/v3/#firmware-release-notes

Trust: 1.8

url:https://www.tp-link.com/en/support/download/tapo-c200/v3/#firmware-release-notes

Trust: 1.8

url:https://www.tp-link.com/us/support/faq/5143/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-12760

Trust: 0.8

sources: JVNDB: JVNDB-2026-021616 // NVD: CVE-2026-12760

SOURCES

db:JVNDBid:JVNDB-2026-021616
db:NVDid:CVE-2026-12760

LAST UPDATE DATE

2026-06-30T23:39:37.810000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-021616date:2026-06-30T02:23:00
db:NVDid:CVE-2026-12760date:2026-06-29T16:17:25.343

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-021616date:2026-06-30T00:00:00
db:NVDid:CVE-2026-12760date:2026-06-24T19:17:08.237