CVE-2026-35902
published 2026-04-27CVE-2026-35902: The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP…
PriorityP430medium6.2CVSS 3.1
AVLACLPRNUINSUCNINAH
EPSS
0.18%
7.5th percentile
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authenticating and leading to a denial of service.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mercurycom | mipc252w_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Mercury MIPC252W 1.0.5 Build 230306 RTSP Service denial of service
vuldb·2026-04-27
CVE-2026-35902 [LOW] Mercury MIPC252W 1.0.5 Build 230306 RTSP Service denial of service
A vulnerability classified as problematic has been found in Mercury MIPC252W 1.0.5 Build 230306. This issue affects some unknown processing of the component RTSP Service. This manipulation causes denial of service.
The identification of this vulnerability is CVE-2026-35902. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-vfw9-c27q-5vqc: The RTSP service of MERCURY IP camera MIPC252W 1
ghsa_unreviewed·2026-04-27
CVE-2026-35902 [MEDIUM] CWE-307 GHSA-vfw9-c27q-5vqc: The RTSP service of MERCURY IP camera MIPC252W 1
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authenticating and leading to a denial of service.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-27
Published