What is the CVSS score of CVE-2026-31256?

CVE-2026-31256 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of MERCURY MIPC252W are affected by CVE-2026-31256?

MERCURY MIPC252W IP cameras running firmware 1.0.5 Build 230306 are vulnerable to remote denial-of-service attacks that crash the device and force reboots, potentially disrupting surveillance…

MERCURY MIPC252W CVE-2026-31256

EUVD-2026-25899 HIGH

NULL Pointer Dereference (CWE-476)

2026-04-27 mitre

Denial Of Service Null Pointer Dereference

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 28, 2026 - 15:23 vuln.today

CVSS changed

Apr 28, 2026 - 15:22 NVD

7.5 (HIGH)

EUVD ID Assigned

Apr 27, 2026 - 19:00 euvd

EUVD-2026-25899

Analysis Generated

Apr 27, 2026 - 19:00 vuln.today

CVE Published

Apr 27, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot.

AnalysisAI

Denial of service in MERCURY MIPC252W IP camera firmware 1.0.5 Build 230306 Rel.79931n allows remote unauthenticated attackers to crash the device via malformed RTSP SETUP request. Exploitation triggers a null pointer dereference in the RTSP service during Transport header parsing, forcing an automatic reboot. …

RemediationAI

Within 24 hours: Inventory all MERCURY MIPC252W cameras and document firmware versions; identify which devices are internet-accessible. Within 7 days: Restrict RTSP (port 554) access via network firewall rules to trusted administrative networks only; block unauthenticated remote RTSP connections. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-31256 vulnerability details – vuln.today

Back

MERCURY MIPC252W CVE-2026-31256

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code