CVE-2026-35901 — MEDIUM (4.4)

Vulnerability Description

A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mercurycom	Mipc252W Firmware	1.0.5
Mercurycom	Mipc252W	-

Related Weaknesses (CWE)

CWE-400

References

https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC25ExploitThird Party Advisory
https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC25ExploitThird Party Advisory

FAQ

What is CVE-2026-35901?

CVE-2026-35901 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the ...

How severe is CVE-2026-35901?

CVE-2026-35901 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-35901?

Check the references section above for vendor advisories and patch information. Affected products include: Mercurycom Mipc252W Firmware, Mercurycom Mipc252W.