What is GHSA-92jw-rf4g-rwr2?

GHSA-92jw-rf4g-rwr2 is a security advisory published by GitHub Security Advisories with High severity. TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling...

Which CVE IDs does GHSA-92jw-rf4g-rwr2 cover?

GHSA-92jw-rf4g-rwr2 covers the following CVE IDs: CVE-2026-1871. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-92jw-rf4g-rwr2High

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling...

Vendor

GitHub Security Advisories

Published

June 2, 2026

Last Modified

June 2, 2026

🔗 CVE IDs covered (1)

CVE-2026-1871 →

📋 Description

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request.

Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-1871
https://www.tp-link.com/en/support/download/tapo-c200/v5/#Firmware-Release-Notes
https://www.tp-link.com/kr/support/download/tapo-c200/#Firmware-Release-Notes
https://www.tp-link.com/us/support/download/tapo-c200/v5/#Firmware-Release-Notes
https://www.tp-link.com/us/support/faq/5113
https://github.com/advisories/GHSA-92jw-rf4g-rwr2