TP-Link's Tapo C520WS smart security cameras have a lot of serious security holes This article explores updates tapoc520ws. . If there are vulnerabilities, attackers nearby could start Denial-of-Service attacks, crash the device, or get around authentication altogether.

CVE-2026-34121 has the highest CVSS score of 8.7, which means it is the most dangerous vulnerability found. TP-Link's official support pages and companion mobile app strongly recommend that users immediately install the most recent firmware patches. The company says it is not responsible for any security problems that happen because people don't install the updates. The TapoC520WS v2.6 with firmware versions before 1.2.4 Build 260326 Rel 24666n is the only one that is affected by these problems.

The system checks the lengths of raw requests, but it doesn't take into account the fact that the size of the requests can change during path normalization. This lets hackers cause a system interruption.

The problem happens when the camera's DS configuration service handles HTTP requests. Because JSON requests don't always parse and authorize correctly, an attacker who isn't logged in can easily get around security checks on the same network segment. You can also use the camera for active surveillance and property monitoring, but only if it is connected to a network that isn't open to DoS attacks.

It can be used to keep an eye on businesses and property owners.