CVE-2026-51602 in CP3 V3.0
Summary
by MITRE • 07/09/2026
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the first SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/09/2026
This vulnerability represents a critical stack-based buffer overflow in the RTSP service component of Tenda CP3 V3.0 firmware version V31.1.9.91, classified under CWE-121 Stack-based Buffer Overflow. The flaw exists within the second-stage URL routing parser that processes SETUP requests sent to the device's RTSP service. The vulnerability arises from inadequate input validation where the parser fails to properly constrain the length of URL fields in the initial SETUP request, creating a pathway for malicious input manipulation.
The attack vector involves an unauthenticated remote exploitation scenario where attackers can craft specially formatted SETUP requests to trigger the buffer overflow condition. Specifically, by constructing a URL that consists of exactly four consecutive repetitions of a valid RTSP URL, the attacker can bypass the first-stage format validation mechanisms that are designed to filter out malformed input. This technique exploits the parser's failure to implement proper bounds checking during the second-stage processing phase, allowing malicious data to overflow into adjacent stack memory regions.
The operational impact of this vulnerability extends beyond simple denial of service to create a complete service disruption that affects all network clients relying on the device's RTSP functionality. When successfully exploited, the buffer overflow immediately crashes the RTSP service process, forcing the device into an inaccessible state where legitimate users cannot establish connections or access streaming services. This creates a persistent availability issue that requires manual intervention to restore normal operation, potentially affecting surveillance systems or media streaming applications dependent on the device.
The vulnerability aligns with ATT&CK technique T1499.004 for Network Denial of Service and demonstrates poor input validation practices that violate security best practices outlined in industry standards. The exploitation requires minimal privileges since no authentication is needed, making it particularly dangerous for devices accessible on local networks. Mitigation strategies should include firmware updates from the vendor to implement proper bounds checking mechanisms, input sanitization protocols, and enhanced validation procedures within the RTSP service parser. Network segmentation and access controls can provide additional protection layers while awaiting official patches, though these measures do not address the root cause of the buffer overflow vulnerability in the device's firmware implementation.