Description
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the same session. As a result, RTSP methods such as SETUP, PLAY, and TEARDOWN can be processed even when the Authorization header contains an empty or invalid response value, as long as the nonce and session identifier correspond to a previously authenticated session. This allows an attacker with network access to reuse session parameters and issue unauthorized RTSP control commands without computing a valid Digest response.
Published: 2026-04-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized RTSP control command execution
Action: Assess Impact
AI Analysis

Impact

A flaw in the MERCURY MIPC252W camera firmware causes the RTSP service to ignore the Digest authentication response once a session has been established. After the initial DESCRIBE request is successfully authenticated, the camera does not verify the Digest response in subsequent SETUP, PLAY, or TEARDOWN requests. Consequently, an attacker with network access can replay the same nonce and session identifier and issue RTSP control commands even with an empty or invalid Authorization header. This allows unauthorized participants to interfere with camera streaming or potentially cause denial‑of‑service by repeatedly sending unsupported or repeated commands.

Affected Systems

The vulnerability affects the MERCURY MIPC252W IP camera running firmware 1.0.5 Build 230306 Rel.79931n. No other vendors or products are documented as impacted.

Risk and Exploitability

The issue is scored with a CVSS score of 9.8 and an EPSS score of < 1%, but its availability of a public LAN‑based replay attack, combined with a potential for media disruption or service denial, makes the risk significant. The CVE is not listed in the CISA KEV catalog. An attacker can rely on the guaranteed reuse of valid nonce and session values; no privileged credentials or exploitation of a complex chain is required, so the feasibility of exploitation is moderate to high for devices exposed to a local network.

Generated by OpenCVE AI on April 28, 2026 at 23:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the camera to the latest firmware version that implements proper Digest authentication checks.
  • Limit network exposure by placing the camera behind a firewall and restricting RTSP ports to trusted IP ranges.
  • If RTSP service is not required for operation, disable it entirely to eliminate the vulnerable interface.

Generated by OpenCVE AI on April 28, 2026 at 23:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mercurycom
Mercurycom mipc252w
Mercurycom mipc252w Firmware
CPEs cpe:2.3:h:mercurycom:mipc252w:-:*:*:*:*:*:*:*
cpe:2.3:o:mercurycom:mipc252w_firmware:1.0.5:build_230306:*:*:*:*:*:*
Vendors & Products Mercurycom
Mercurycom mipc252w
Mercurycom mipc252w Firmware

Wed, 29 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Unauthorized RTSP Control via Improper Authentication in MERCURY MIPC252W

Tue, 28 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 28 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title Unauthorized RTSP Control via Improper Authentication in MERCURY MIPC252W
Weaknesses CWE-287

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Mercury
Mercury mipc252w
Vendors & Products Mercury
Mercury mipc252w

Mon, 27 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Description MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the same session. As a result, RTSP methods such as SETUP, PLAY, and TEARDOWN can be processed even when the Authorization header contains an empty or invalid response value, as long as the nonce and session identifier correspond to a previously authenticated session. This allows an attacker with network access to reuse session parameters and issue unauthorized RTSP control commands without computing a valid Digest response.
References

Subscriptions

Mercury Mipc252w
Mercurycom Mipc252w Mipc252w Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T15:45:37.220Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-35903

cve-icon Vulnrichment

Updated: 2026-04-28T14:55:28.611Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-27T19:16:52.817

Modified: 2026-05-05T13:39:47.200

Link: CVE-2026-35903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T23:45:16Z

Weaknesses