{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-31256", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-27T18:31:57.503Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T18:31:57.503Z"}, "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_1th/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot."}], "id": "CVE-2026-31256", "lastModified": "2026-04-27T19:26:32.820", "metrics": {}, "published": "2026-04-27T19:16:47.230", "references": [{"source": "cve@mitre.org", "url": "https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_1th/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.0.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mipc252w", "vendor": "mercury"}], "analysis": {"en": {"generated_at": "2026-04-28T13:16:28.177830+00:00", "value": {"mitigation_remediation": ["Update the device firmware to a version released by MERCURY that includes a fix for the RTSP Transport header parsing bug.", "If no firmware update is available, restrict external access to RTSP port 554 or disable the RTSP service to prevent remote requests.", "Monitor the device for unexpected reboots or denial of service events and consider replacing the unit if it remains critical to operations."], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects MERCURY MIPC252W cameras running firmware version 1.0.5 Build 230306 Rel.79931n. No other vendors or products are listed as impacted.", "description_and_impact": "A null pointer dereference occurs in the RTSP service when processing a SETUP request for the path rtsp://<IP>:554/stream1/track2 with an improperly constructed Transport header. The malformed header causes the service to dereference a NULL pointer during request parsing, leading the device to crash and automatically reboot. Successful exploitation therefore results in a denial of service, as the camera becomes temporarily unavailable until it recovers from the reboot.", "risk_and_exploitability": "The CVE lacks an assigned CVSS score and its EPSS score is unavailable, and it is not listed in the CISA KEV catalog. The exploit can be carried out remotely over the network by an attacker who can send crafted RTSP SETUP requests to the device\u2019s port 554. Because the flaw only causes a crash and reboot, it does not permit code execution or data exfiltration. The primary risk is that a malicious actor can disrupt service by repeatedly triggering reboots."}}}}, "created": "2026-04-28T09:17:30.662962+00:00", "title": "Null Pointer Dereference in RTSP Service Causing Device Reboot", "updated": "2026-04-28T13:30:32.082347+00:00", "vendors": ["mercury", "mercury$PRODUCT$mipc252w"], "weaknesses": ["CWE-476"]}