CVE-2026-35901
Last modified
CVE-2026-35901 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mercurycom | Mipc252w Firmware | 1.0.5 | Build 230306 |
References
- https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_2th/README.mdExploit, Third Party Advisory
- https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_2th/README.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-35901?
How severe is CVE-2026-35901?
How do I fix CVE-2026-35901?
Are you affected by CVE-2026-35901?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST