ГлавнаяУязвимости → CVE-2026-0652
8.8высокая

CVE-2026-0652

Описание

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise.

Затрагиваемое ПО
Tp-link Tapo c260 firmwareTp-link Tapo c260
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.tp-link.com/en/support/download/tapo-c260/v1/https://www.tp-link.com/us/support/download/tapo-c260/v1/https://www.tp-link.com/us/support/faq/4960/