PatchSiren cyber security CVE debrief
CVE-2026-51605 Tenda CVE debrief
CVE-2026-51605 is a stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991). An unauthenticated remote attacker can cause a denial of service via a crafted TEARDOWN request. This vulnerability has a high impact on network availability and requires immediate attention from users of the affected product.
- Vendor
- Tenda
- Product
- CP3 V3.0 (firmware V31.1.9.991)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Tenda CP3 V3.0 (firmware V31.1.9.991) should apply patches or mitigations to prevent potential denial of service attacks. This includes network administrators, security teams, and operators managing the affected product. Vulnerability management and platform security teams should prioritize patching.
Technical summary
The vulnerability exists in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991). A crafted TEARDOWN request can cause a stack-based buffer overflow, leading to a denial of service. The affected product is Tenda CP3 V3.0 with firmware V31.1.9.991. Users should review the official advisory for patching guidance.
Defensive priority
High priority should be given to patching or mitigating this vulnerability to prevent potential denial of service attacks.
Recommended defensive actions
- Apply patches or updates provided by the vendor
- Implement network access controls to limit exposure
- Monitor for suspicious RTSP activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-09T17:17:01.070Z and last modified on 2026-07-10T17:41:47.303Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify affected product deployments and review official advisories.
Official resources
-
CVE-2026-51605 CVE record
CVE.org
-
CVE-2026-51605 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:01.070Z and has not been modified since then. The NVD entry is currently Deferred.