CVE-2026-31256

Name of the Vulnerable Software and Affected Versions MERCURY MIPC252W version 1.0.5 Build 230306 Rel.79931n

Description A null pointer dereference occurs in the RTSP service during the processing of a SETUP request for the endpoint "rtsp://:554/stream1/track2". The issue arises because the device fails to properly validate the Transport header field. If this header is improperly constructed, the service dereferences a NULL pointer during request parsing, leading to a device crash and automatic reboot.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.