What is CVE-2026-35902?

CVE-2026-35902 is a medium-severity vulnerability in Mercurycom Mipc252w, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 6.2/10. Published 2026-04-27.

How severe is CVE-2026-35902?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Vulnerability in Mercurycom Mipc252w

CVE-2026-35902

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can caus…

EPSS: 0.000 (15.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Mercurycom Mipc252w
Mercurycom Mipc252w_firmware — versions 1.0.5
N/a — versions n/a

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

cve@mitre.org (Exploit, Third Party Advisory)

Frequently asked questions

What is CVE-2026-35902?: CVE-2026-35902 is a medium-severity vulnerability in Mercurycom Mipc252w, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 6.2/10. Published 2026-04-27.
How severe is CVE-2026-35902?: Medium severity. CVSS v3 base score is 6.2 out of 10.