CVE-2026-6250 – Authenticated Format String Injection on TP-Link Tapo C110

CVE ID :CVE-2026-6250

Published : June 11, 2026, 10:16 p.m. | 1 hour, 3 minutes ago

Description :An
authenticated format string vulnerability exists in the ONVIF service of Tapo
C110 v2 due to improper handling of user-controlled input.  Externally controlled data is interpreted as
a format string, which can be used to manipulate stack memory, including
control flow data such as return addresses.

A remote
authenticated attacker may redirect execution flow to existing internal
functions, triggering an unauthorized factory reset, leading to loss of
configuration, deletion of stored credentials and service disruption.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49482 – ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite

CVE-2026-10676 – Rejected reason: This CVE Record has been rejected

CVE-2026-47238 – ClipBucket: IDOR in videos subtitle editor

CVE-2026-45060 – ClipBucket: Blind SQL Injection in progress_video.php