Cyber Resilience

CVE-2026-1315

High

Published: 27 January 2026

Modified: 11 March 2026
CVSS Score v4: 7.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0025 (48.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1315 is a high-severity Improper Input Validation (CWE-20) vulnerability in TP-Link Tapo C220 firmware. Its CVSS v4.0 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-1315 is a vulnerability in the firmware update endpoint of TP-Link Tapo C220 v1 and C520WS v2 devices. By sending crafted files to this endpoint, an attacker can cause the device to terminate core system services before verifying authentication or firmware integrity. The issue, published on 2026-01-27 and associated with CWE-20 (Improper Input Validation), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.

An unauthenticated attacker with network access can exploit the vulnerability by transmitting specially crafted files to the firmware update endpoint. This triggers a persistent denial-of-service condition, halting normal device operation until a manual reboot or application-initiated restart is performed.

TP-Link provides firmware downloads for mitigation on support pages for the affected models, including https://www.tp-link.com/en/support/download/tapo-c220/v1/, https://www.tp-link.com/en/support/download/tapo-c520ws/v2/, https://www.tp-link.com/us/support/download/tapo-c220/v1.60/, https://www.tp-link.com/us/support/download/tapo-c520ws/v2/, and an FAQ at https://www.tp-link.com/us/support/faq/4923/. Security practitioners should apply these updates to vulnerable devices.

Vulnerability details

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499 · Endpoint Denial of Service · Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

The vulnerability in the unauthenticated firmware update endpoint directly enables remote exploitation of a public-facing service (T1190) to trigger service termination and a persistent endpoint DoS (T1499).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0919 · Same product: TP-Link Tapo C220
CVE-2026-0918 · Same product: TP-Link Tapo C220
CVE-2026-34121 · Same product: TP-Link Tapo C520WS
CVE-2025-15606 · Same vendor: TP-Link
CVE-2025-15035 · Same vendor: TP-Link
CVE-2026-1668 · Same vendor: TP-Link
CVE-2026-5509 · Same vendor: TP-Link
CVE-2025-9014 · Same vendor: TP-Link
CVE-2025-15517 · Same vendor: TP-Link
CVE-2025-9292 · Same vendor: TP-Link

Affected Assets

tp-link · tapo c220 firmware · ≤ 1.4.2
tp-link · tapo c520ws firmware · ≤ 1.2.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CWE-20 improper input validation by requiring validation of crafted firmware update files before processing to prevent termination of core system services.

prevent

Mandates timely flaw remediation via vendor-provided firmware updates to comprehensively eliminate the vulnerability in the firmware update endpoint.

prevent

Protects system availability by implementing denial-of-service protections against unauthenticated crafted file attacks on the firmware update endpoint.
