Loading market data...
← Back to CVE feed

CVE-2026-6250

UNKNOWN View on NVD ↗

Description

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input.  Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption.

Published: Jun 11, 2026 22:16 UTC Modified: Jun 12, 2026 16:06 UTC