CVE-2026-1315
Published: 27 January 2026
Summary
CVE-2026-1315 is a high-severity Improper Input Validation (CWE-20) vulnerability in TP-Link Tapo C220 firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is ranked at the 33.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
- Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
- Directly implements checks on information inputs to reject invalid data before processing.
- Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability in unauthenticated firmware update endpoint directly enables remote exploitation of a public-facing service (T1190) to trigger service termination and persistent endpoint DoS (T1499).
NVD Description
By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application-initiated restart to restore normal device operation.
Deeper analysis
CVE-2026-1315 is a vulnerability in the firmware update endpoint of TP-Link Tapo C220 v1 and C520WS v2 devices. By sending crafted files to this endpoint, an attacker can cause the device to terminate core system services before verifying authentication or firmware integrity. The issue, published on 2026-01-27 and associated with CWE-20 (Improper Input Validation), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.
An unauthenticated attacker with network access can exploit the vulnerability by transmitting specially crafted files to the firmware update endpoint. This triggers a persistent denial-of-service condition, halting normal device operation until a manual reboot or application-initiated restart is performed.
TP-Link provides firmware downloads for mitigation on support pages for the affected models, including https://www.tp-link.com/en/support/download/tapo-c220/v1/, https://www.tp-link.com/en/support/download/tapo-c520ws/v2/, https://www.tp-link.com/us/support/download/tapo-c220/v1.60/, https://www.tp-link.com/us/support/download/tapo-c520ws/v2/, and an FAQ at https://www.tp-link.com/us/support/faq/4923/. Security practitioners should apply these updates to vulnerable devices.
Details
- CWE(s)