CVE-2026-51606
Received Received - Intake

Improper Input Handling in Tenda CP3 RTSP Service

Vulnerability report for CVE-2026-51606, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: MITRE

Description

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response. This behavior affects the request-line URL field and header field values across multiple RTSP request types.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tenda cp3 31.1.9.91

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-51606 is an improper input handling vulnerability in the RTSP service of the Tenda CP3 IP camera running firmware version V31.1.9.91.

When the RTSP service receives a request containing an oversized field value in the URL or any header field, it does not return a proper RTSP error response as required by RFC 2326.

Instead, the device abruptly terminates the TCP connection by sending a RST packet, leaving the client without any application-layer indication of why the request was rejected.

This behavior affects multiple RTSP request types and deviates from the expected protocol standards.

Compliance Impact

The vulnerability causes the RTSP service to abruptly terminate TCP connections with a RST packet when receiving requests with oversized field values, without returning proper RFC 2326-compliant error responses. This non-conformant behavior can impact the reliability and interoperability of the device in production environments.

However, there is no information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can cause clients interacting with the RTSP service to enter undefined states due to the abrupt termination of TCP connections without proper error messages.

It can interfere with session management in automated systems that rely on RTSP communication.

Additionally, it complicates fault diagnosis in deployment environments because no standard RTSP error response is provided.

While the RTSP service process remains operational and continues to accept new connections, the reliability and interoperability of the device in production environments may be negatively impacted.

Detection Guidance

This vulnerability can be detected by sending RTSP requests with oversized URL or header field values to the Tenda CP3 device and observing the device's response.

If the device abruptly terminates the TCP connection with a RST packet instead of returning a proper RTSP error response (such as 400 Bad Request or 413 Request Entity Too Large), it indicates the presence of the vulnerability.

A proof-of-concept script exists that sends RTSP requests with oversized fields to trigger this behavior.

Commands to detect this could involve using tools like curl or netcat to send crafted RTSP requests with oversized URL or header fields and monitoring the TCP connection behavior.

  • Use netcat (nc) to connect to the RTSP port and send an RTSP request with an oversized URL or header field.
  • Monitor the TCP connection with tools like tcpdump or Wireshark to check if the device sends a TCP RST packet abruptly.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-51606. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart