50 matches found
CVE-2026-51597
MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...
CVE-2026-51598
CVE-2026-51598 affects MERCURY MIPC252W IP Camera (RTSP service) with firmware v1.0.5 Build 230306 Rel.79931n. The issue is an input validation vulnerability in the RTSP service that allows an unauthenticated, network-adjacent attacker to cause a denial of service by sending a crafted DESCRIBE re...
CVE-2026-51598
An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...
Security update for wireshark
This update for wireshark fixes the following issues CVE-2026-5401: AFP dissector crash bsc1263756. CVE-2026-5403: SBC audio codec crash bsc1263765. CVE-2026-5404: K12 RF5 file parser crash bsc1263766. CVE-2026-5405: RDP dissector crash bsc1263767. CVE-2026-5406: FC-SWILS dissector crash...
CVE-2026-41470
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
GHSA-V8H7-RR48-VMMV Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
Summary Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same...
CVE-2026-6526
A flaw was found in Wireshark, a network protocol analyzer. By processing a specially crafted Real-Time Streaming Protocol RTSP packet, a remote attacker could cause the Wireshark application to crash, leading to a denial of service. This vulnerability affects the RTSP protocol dissector...
CVE-2026-6526
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
EUVD-2026-26333
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
CVE-2026-6526
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
CVE-2026-6526 NULL Pointer Dereference in Wireshark
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
CVE-2026-6526
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
PT-2026-35509
Name of the Vulnerable Software and Affected Versions Mercury MIPC252W version 1.0.5 Build 230306 Rel.79931n Description A handling issue in the RTSP Real Time Streaming Protocol service allows an authenticated attacker to trigger session termination. By repeatedly sending SETUP requests for the...
CVE-2026-35903
CVE-2026-35903 affects Mercury MIPC252W IP camera (1.0.5 Build 230306 Rel.79931n). The RTSP service has improper authentication: after a successful Digest authentication in an initial DESCRIBE, the device does not verify the Digest response in later RTSP requests within the same session. Conseque...
PT-2025-53361
FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without...
CVE-2024-42531
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establi...
CVE-2024-51362
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...
CVE-2024-51362
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...
CVE-2024-51362
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...
CVE-2024-51362
The CVE-2024-51362 entry affects LSC Smart Connect Indoor IP Camera V7.6.32. The Red Hat NVD references and other sources confirm an information-disclosure flaw where live footage can be accessed via RTSP on port 8554 without authentication, enabling unauthorized network access to the camera feed...