Skip to main content

MERCURY MIPC252W EUVDEUVD-2026-42642

| CVE-2026-51599 CRITICAL
Improper Input Validation (CWE-20)
2026-07-09 cve@mitre.org GHSA-c38f-3577-frmw
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
5.3 MEDIUM

Remote unauthenticated RTSP request (AV:N/AC:L/PR:N/UI:N) but impact is limited to temporary loss of a single connection, so A:L and no C/I impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 10, 2026 - 18:27 vuln.today
CVSS changed
Jul 10, 2026 - 18:22 NVD
9.8 (CRITICAL)
CVE Published
Jul 09, 2026 - 17:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection.

AnalysisAI

Temporary connection denial-of-service in the RTSP service of the MERCURY MIPC252W IP camera (firmware v1.0.5 Build 230306 Rel.79931n) lets an unauthenticated remote attacker wedge an individual TCP connection by sending an RTSP request that declares a Content-Length but includes no message body. The malformed parser enters a body-waiting state and silently swallows all further data on that socket until a server-side timeout closes it. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach camera RTSP port 554
Delivery
Send RTSP request with Content-Length, no body
Exploit
Parser enters body-waiting state
Execution
Connection silently consumes all input
Impact
Streaming stalls until server timeout

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to the MERCURY MIPC252W RTSP service (typically TCP/554) and the ability to send a crafted RTSP request containing a Content-Length header with no accompanying message body; no authentication or user interaction is needed (CVSS PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict sharply and the headline CVSS overstates real risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to the camera's RTSP port opens a TCP connection and sends a single RTSP request carrying a Content-Length header but no message body. The parser stalls in a body-waiting state, causing that connection to silently consume any further bytes and become unusable for streaming until the server timeout closes it, forcing the legitimate client to reconnect. …
Remediation No vendor-released patch identified at time of analysis, and no fixed firmware version is cited in the available data, so an exact upgrade target cannot be given. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all MERCURY MIPC252W cameras in production and document which are accessible from untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42642 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy