PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-51605 Tenda CVE debrief

CVE-2026-51605 is a stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991). An unauthenticated remote attacker can cause a denial of service via a crafted TEARDOWN request. This vulnerability has a high impact on network availability and requires immediate attention from users of the affected product.

Vendor
Tenda
Product
CP3 V3.0 (firmware V31.1.9.991)
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Tenda CP3 V3.0 (firmware V31.1.9.991) should apply patches or mitigations to prevent potential denial of service attacks. This includes network administrators, security teams, and operators managing the affected product. Vulnerability management and platform security teams should prioritize patching.

Technical summary

The vulnerability exists in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991). A crafted TEARDOWN request can cause a stack-based buffer overflow, leading to a denial of service. The affected product is Tenda CP3 V3.0 with firmware V31.1.9.991. Users should review the official advisory for patching guidance.

Defensive priority

High priority should be given to patching or mitigating this vulnerability to prevent potential denial of service attacks.

Recommended defensive actions

  • Apply patches or updates provided by the vendor
  • Implement network access controls to limit exposure
  • Monitor for suspicious RTSP activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-09T17:17:01.070Z and last modified on 2026-07-10T17:41:47.303Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify affected product deployments and review official advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:17:01.070Z and has not been modified since then. The NVD entry is currently Deferred.