Filtered by vendor Tp-link
Subscriptions
Filtered by product Tapo C260 V1
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0653 | 1 Tp-link | 1 Tapo C260 V1 | 2026-02-11 | N/A |
| On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution. | ||||
| CVE-2026-0652 | 1 Tp-link | 1 Tapo C260 V1 | 2026-02-11 | N/A |
| On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise. | ||||
| CVE-2026-0651 | 1 Tp-link | 1 Tapo C260 V1 | 2026-02-11 | N/A |
| On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code execution possibilities. | ||||
Page 1 of 1.