Zhangchangqing

**Name of the Vulnerable Software and Affected Versions** MERCURY MIPC252W version 1.0.5 Build 230306 Rel.79931n **Description** A null pointer dereference occurs in the RTSP service during the processing of a SETUP request for the endpoint "rtsp://<IP>:554/stream1/track2". The issue arises because the device fails to properly validate the `Transport` header field. If this header is improperly constructed, the service dereferences a NULL pointer during request parsing, leading to a device crash and automatic reboot. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.