Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Remote unauthenticated RTSP request (AV:N/AC:L/PR:N/UI:N) but impact is limited to temporary loss of a single connection, so A:L and no C/I impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection.
AnalysisAI
Temporary connection denial-of-service in the RTSP service of the MERCURY MIPC252W IP camera (firmware v1.0.5 Build 230306 Rel.79931n) lets an unauthenticated remote attacker wedge an individual TCP connection by sending an RTSP request that declares a Content-Length but includes no message body. The malformed parser enters a body-waiting state and silently swallows all further data on that socket until a server-side timeout closes it. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network access to the MERCURY MIPC252W RTSP service (typically TCP/554) and the ability to send a crafted RTSP request containing a Content-Length header with no accompanying message body; no authentication or user interaction is needed (CVSS PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals conflict sharply and the headline CVSS overstates real risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to the camera's RTSP port opens a TCP connection and sends a single RTSP request carrying a Content-Length header but no message body. The parser stalls in a body-waiting state, causing that connection to silently consume any further bytes and become unusable for streaming until the server timeout closes it, forcing the legitimate client to reconnect. … |
| Remediation | No vendor-released patch identified at time of analysis, and no fixed firmware version is cited in the available data, so an exact upgrade target cannot be given. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all MERCURY MIPC252W cameras in production and document which are accessible from untrusted networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42642
GHSA-c38f-3577-frmw