cbcvebase.
CVE-2026-35901
published 2026-04-27

CVE-2026-35901: A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by…

PriorityP417medium4.4CVSS 3.1
AVLACLPRHUINSUCNINAH
EPSS
0.25%
15.9th percentile
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.

Affected

1 ranges
VendorProductVersion rangeFixed in
mercurycommipc252w_firmware
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.