Description

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot.

INFO

Published Date :

2026-04-27T00:00:00.000Z

Last Modified :

2026-04-28T15:05:27.912Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31256 vulnerability.

Vendors Products
Mercury
  • Mipc252w
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31256.

URL Resource
https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_1th/README.md cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact