GHSA-c38f-3577-frmw · Severity: critical — An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5...
An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection.
Conclusion & alert: CVE-2026-51599 is rated Moderate Risk (51.7/100): CVSS Critical severity, with low exploitation likelihood (EPSS 0.43%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-07-11 | 0.18% | 0.43% | +0.25% |
| 2 | 2026-07-10 | — | 0.18% | — |
Full EPSS history (2 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
GHSA-c38f-3577-frmw · Severity: critical — An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5...
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||