CVE-2026-12760
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A DoS vulnerability in Tapo C200 v3 camera stems from improper handling of fragmented IPv4 packets. An unauthenticated adjacent attacker can send crafted packets causing excessive resource consumption and device instability.
Risk Assessment
Successful exploitation can remotely trigger a temporary denial-of-service condition, making the camera unresponsive and resulting in intermittent loss of video monitoring and recording.
Recommendation
Immediately update the Tapo C200 v3 camera firmware to the latest version available from the vendor and restrict local network access to trusted devices only.
Original NVD description (English source)
A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the device.Successful exploitation can remotely trigger a temporary denial-of-service condition, causing the camera to become unresponsive and resulting in intermittent loss of video monitoring and recording.

