cbcvebase.
CVE-2026-35902
published 2026-04-27

CVE-2026-35902: The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP…

PriorityP430medium6.2CVSS 3.1
AVLACLPRNUINSUCNINAH
EPSS
0.18%
7.5th percentile
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authenticating and leading to a denial of service.

Affected

1 ranges
VendorProductVersion rangeFixed in
mercurycommipc252w_firmware
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.