A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.
References
| Link | Resource |
|---|---|
| https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_2th/README.md | Exploit Third Party Advisory |
| https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_2th/README.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
05 May 2026, 13:41
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_2th/README.md - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:o:mercurycom:mipc252w_firmware:1.0.5:build_230306:*:*:*:*:*:* cpe:2.3:h:mercurycom:mipc252w:-:*:*:*:*:*:*:* |
|
| First Time |
Mercurycom
Mercurycom mipc252w Firmware Mercurycom mipc252w |
27 Apr 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_2th/README.md - | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.4 |
| CWE | CWE-400 |
27 Apr 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-27 19:16
Updated : 2026-05-05 13:41
NVD link : CVE-2026-35901
Mitre link : CVE-2026-35901
CVE.ORG link : CVE-2026-35901
JSON object : View
Products Affected
mercurycom
- mipc252w
- mipc252w_firmware
CWE
CWE-400
Uncontrolled Resource Consumption