CVE-2026-1315
Published: 27 January 2026
Summary
CVE-2026-1315 is a high-severity Improper Input Validation (CWE-20) vulnerability in Tp-Link Tapo C220 Firmware. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-1315 is a vulnerability in the firmware update endpoint of TP-Link Tapo C220 v1 and C520WS v2 devices. By sending crafted files to this endpoint, an attacker can cause the device to terminate core system services before verifying authentication or firmware integrity. The issue, published on 2026-01-27 and associated with CWE-20 (Improper Input Validation), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.
An unauthenticated attacker with network access can exploit the vulnerability by transmitting specially crafted files to the firmware update endpoint. This triggers a persistent denial-of-service condition, halting normal device operation until a manual reboot or application-initiated restart is performed.
TP-Link provides firmware downloads for mitigation on support pages for the affected models, including https://www.tp-link.com/en/support/download/tapo-c220/v1/, https://www.tp-link.com/en/support/download/tapo-c520ws/v2/, https://www.tp-link.com/us/support/download/tapo-c220/v1.60/, https://www.tp-link.com/us/support/download/tapo-c520ws/v2/, and an FAQ at https://www.tp-link.com/us/support/faq/4923/. Security practitioners should apply these updates to vulnerable devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4790
Vulnerability details
By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a…
more
manual reboot or application initiated restart to restore normal device operation.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in unauthenticated firmware update endpoint directly enables remote exploitation of a public-facing service (T1190) to trigger service termination and persistent endpoint DoS (T1499).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CWE-20 improper input validation by requiring validation of crafted firmware update files before processing to prevent termination of core system services.
Mandates timely flaw remediation via vendor-provided firmware updates to comprehensively eliminate the vulnerability in the firmware update endpoint.
Protects system availability by implementing denial-of-service protections against unauthenticated crafted file attacks on the firmware update endpoint.