# CVE-2026-35902

> Vulnerability · severity: **MEDIUM** (CVSS 6.2).

## Description

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authenticating and leading to a denial of service.

## Key facts

- **CVE ID:** CVE-2026-35902
- **Published:** 2026-04-27
- **CVSS severity:** MEDIUM
- **CVSS base score:** 6.2
- **CWE codes:** CWE-307

## Affected products

- `mercurycom:mipc252w_firmware`
- `mercurycom:mipc252w`

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35902

## Citation

> AI Analytics. CVE-2026-35902. Retrieved 2026-07-02 from https://api.ai-analytics.org/cve/CVE-2026-35902. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*