PatchSiren cyber security CVE debrief
CVE-2026-51604 Tenda CVE debrief
CVE-2026-51604 is a stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91). An unauthenticated remote attacker can cause a denial of service via a crafted PLAY request. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. This type of vulnerability can be used to disrupt service, and defenders should be cautious of potential impact on network availability. The vulnerability is caused by a buffer overflow in the RTSP service, which can be exploited by sending a crafted PLAY request.
- Vendor
- Tenda
- Product
- CP3 V3.0
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Security teams and administrators responsible for Tenda CP3 V3.0 devices should be aware of this vulnerability and take necessary actions to mitigate it. They should review the vulnerability details and assess the potential impact on their systems. They should also consider implementing additional security controls to prevent exploitation.
Technical summary
The vulnerability is caused by a stack-based buffer overflow in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91). An attacker can exploit this vulnerability by sending a crafted PLAY request, which can cause a denial of service. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. There is no information available about potential patches or mitigations.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it can be exploited remotely and has a high CVSS score. Defenders should focus on applying patches or mitigations as soon as possible.
Recommended defensive actions
- Apply the vendor-provided patch or update to a fixed version of the firmware.
- Implement network segmentation to limit the attack surface.
- Monitor network traffic for suspicious activity.
- Consider implementing additional security controls, such as intrusion detection and prevention systems.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
Evidence notes
The CVE record was published on 2026-07-09T17:17:00.970Z and was last modified on 2026-07-10T17:41:47.303Z. The NVD entry is currently Deferred. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The CVE record is based on limited source information and may not be comprehensive.
Official resources
-
CVE-2026-51604 CVE record
CVE.org
-
CVE-2026-51604 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:00.970Z and has not been modified since then. The NVD entry is currently Deferred.