Description
A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot.
Published: 2026-04-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

A null pointer dereference occurs in the RTSP service when processing a SETUP request for the path rtsp://<IP>:554/stream1/track2 with an improperly constructed Transport header. The malformed header causes the service to dereference a NULL pointer during request parsing, leading the device to crash and automatically reboot. Successful exploitation therefore results in a denial of service, as the camera becomes temporarily unavailable until it recovers from the reboot.

Affected Systems

The vulnerability affects MERCURY MIPC252W cameras running firmware version 1.0.5 Build 230306 Rel.79931n. No other vendors or products are listed as impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, indicating high severity, while its EPSS score remains very low (<1%), and it is not listed in the CISA KEV catalog. The exploit can be carried out remotely over the network by an attacker who can send crafted RTSP SETUP requests to the device’s port 554. Because the flaw only causes a crash and reboot, it does not permit code execution or data exfiltration. The primary risk is that a malicious actor can disrupt service by repeatedly triggering reboots.

Generated by OpenCVE AI on April 28, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version released by MERCURY that includes a fix for the RTSP Transport header parsing bug.
  • If no firmware update is available, restrict external access to RTSP port 554 or disable the RTSP service to prevent remote requests.
  • Monitor the device for unexpected reboots or denial of service events and consider replacing the unit if it remains critical to operations.

Advisories

No advisories yet.

History

Tue, 05 May 2026 01:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Mercurycom
  • Mercurycom mipc252w
  • Mercurycom mipc252w Firmware

Type: CPEs
Values Removed: (none)
Values Added:
  • cpe:2.3:h:mercurycom:mipc252w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:mercurycom:mipc252w_firmware:1.0.5:build_230306:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Mercurycom
  • Mercurycom mipc252w
  • Mercurycom mipc252w Firmware

Tue, 28 Apr 2026 20:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Null Pointer Dereference in RTSP Service Causing Device Reboot

Tue, 28 Apr 2026 15:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  • cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  • ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 13:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Null Pointer Dereference in RTSP Service Causing Device Reboot

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-476

Tue, 28 Apr 2026 09:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Mercury
  • Mercury mipc252w

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Mercury
  • Mercury mipc252w

Mon, 27 Apr 2026 18:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot.

Type: References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T15:05:27.912Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31256

Vulnrichment

Updated: 2026-04-28T15:05:23.769Z

NVD

Status: Analyzed

Published: 2026-04-27T19:16:47.230

Modified: 2026-05-05T01:30:08.923

Link: CVE-2026-31256

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T20:00:19Z

Weaknesses