cvedb.io
CVE-2026-35901
MEDIUM · CVSS 4.4
EPSS exploitation probability: 0%
Published 2026-04-27T19:16:47.583 · Last modified 2026-06-17T10:41:01.793

Summary

A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.

Affected products

mercurycom — mipc252w_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when mercurycom ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.