Mercurycom Mipc252W Firmware vulnerabilities
4 known vulnerabilities affecting mercurycom/mipc252w_firmware.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-35903P2CRITICALCVSS 9.8v1.0.52026-04-27
CVE-2026-35903 [CRITICAL] CWE-287 CVE-2026-35903: MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnera
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the same session. As a result, RTSP methods such as SETUP,
nvd
CVE-2026-31256P3HIGHCVSS 7.5v1.0.52026-04-27
CVE-2026-31256 [HIGH] CWE-476 CVE-2026-31256: A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Bu
A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NUL
nvd
CVE-2026-35902P4MEDIUMCVSS 6.2v1.0.52026-04-27
CVE-2026-35902 [MEDIUM] CWE-307 CVE-2026-35902: The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Diges
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authen
nvd
CVE-2026-35901P4MEDIUMCVSS 4.4v1.0.52026-04-27
CVE-2026-35901 [MEDIUM] CWE-400 CVE-2026-35901: A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.
nvd