CVE-2026-51606
HIGH
NVD
CVSS Score
7.5
Severity
HIGH
Published
Jul 09, 2026
Vendor
unknown
Description
An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response. This behavior affects the request-line URL field and header field values across multiple RTSP request types.