CVE-2026-35901

low-risk
Published 2026-04-27

A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.

Do I need to act?

-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.4/10 Medium
LOCAL / LOW complexity

References (2)

https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC25...
https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC25...
20
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal