CVE-2026-35901
Denial-of-Service via RTSP Session Handling in Mercury MIPC252W
Publication date: 2026-04-27
Last updated on: 2026-05-05
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercurycom | mipc252w_firmware | 1.0.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-35901 is a vulnerability in the RTSP service of the MERCURY MIPC252W IP camera firmware version 1.0.5 Build 230306 Rel.79931n. It is caused by improper handling of repeated SETUP requests for the same media track within a single RTSP session.
An authenticated attacker who has valid credentials can exploit this flaw by sending multiple SETUP requests targeting the same media track instead of progressing normally through the media tracks. This abnormal sequence causes the RTSP service to enter an inconsistent state, which actively terminates the session and resets the RTSP connection.
As a result, the RTSP video stream from the camera is interrupted, causing a denial-of-service condition that affects the availability and stability of the device's video service.
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial-of-service (DoS) condition on the affected MERCURY MIPC252W IP camera's RTSP video stream.
An attacker with valid authentication credentials can repeatedly send RTSP SETUP requests for the same media track within one session, which causes the camera's RTSP service to terminate the session and reset the connection.
This leads to interruptions in video streaming, reducing the availability and reliability of the camera's video feed, which could affect surveillance, monitoring, or any use case relying on continuous video access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring RTSP sessions on the MERCURY MIPC252W IP camera for repeated SETUP requests targeting the same media track within a single session, which causes session termination and RTSP connection resets.
A proof-of-concept Python script exists that establishes an RTSP connection, performs OPTIONS and DESCRIBE requests, authenticates using RTSP Digest authentication, and then sends repeated SETUP requests for the same media track to trigger the vulnerability.
To detect this on your network, you can capture and analyze RTSP traffic using tools like Wireshark or tcpdump to identify repeated SETUP requests for the same media track within a session.
- Use tcpdump to capture RTSP traffic: tcpdump -i <interface> -s 0 -w rtsp_traffic.pcap port 554
- Analyze the captured traffic in Wireshark, filtering for RTSP SETUP requests: rtsp.request.method == "SETUP"
- Look for multiple SETUP requests for the same media track within a single RTSP session.
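The check in the last bullet, as an added detection example that is not part of this advisory or any vendor tooling: it reads a request log (a constructed, pre-extracted format with one RTSP request per line, assumed here), groups SETUP requests by client and RTSP session, and flags any track that is set up more than once in the same session. The sample addresses, session ids and URLs are constructed.

```python
# Added detection example for CVE-2026-35901 (not from the advisory or vendor).
# Input: a constructed, pre-extracted RTSP request log, one request per line,
# fields 'client session method url'; session is '-' until the server assigns
# one, which is the case on the first SETUP of every session.
from collections import defaultdict
# Constructed sample: 10.0.0.5 streams normally; 10.0.0.9 repeats SETUP for track0.
SAMPLE_LOG = """\
10.0.0.5 - OPTIONS rtsp://cam/stream1
10.0.0.5 - DESCRIBE rtsp://cam/stream1
10.0.0.5 - SETUP rtsp://cam/stream1/track0
10.0.0.5 1F2B SETUP rtsp://cam/stream1/track1
10.0.0.5 1F2B PLAY rtsp://cam/stream1
10.0.0.9 - SETUP rtsp://cam/stream1/track0
10.0.0.9 7D3A SETUP rtsp://cam/stream1/track0
10.0.0.9 7D3A SETUP rtsp://cam/stream1/track0
10.0.0.9 7D3A TEARDOWN rtsp://cam/stream1
"""

def parse_requests(text):
    """Yield (client, session, method, url) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def find_repeated_setups(text, threshold=2):
    """Return {(client, session): {track_url: count}} for tracks SETUP at least
    `threshold` times in one session. A SETUP sent before the server assigned a
    session id is attributed to the next session id that client presents."""
    counts = defaultdict(lambda: defaultdict(int))
    pending = defaultdict(list)  # client -> tracks SETUP with no session id yet
    for client, session, method, url in parse_requests(text):
        if method != "SETUP":
            continue
        if session == "-":
            pending[client].append(url)
            continue
        key = (client, session)
        for early in pending.pop(client, []):
            counts[key][early] += 1
        counts[key][url] += 1
    return {key: {u: n for u, n in tracks.items() if n >= threshold}
            for key, tracks in counts.items()
            if any(n >= threshold for n in tracks.values())}

if __name__ == "__main__":
    for (client, session), tracks in find_repeated_setups(SAMPLE_LOG).items():
        for url, n in tracks.items():
            print(f"ALERT {client} session {session}: {url} SETUP x{n}")
```

On the sample above only the 10.0.0.9 session 7D3A is reported, with track0 set up three times.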
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the RTSP service to trusted and authenticated users only, since exploitation requires valid credentials.
Monitor RTSP sessions for abnormal repeated SETUP requests and consider temporarily disabling RTSP service if possible until a firmware update or patch is available.
Limit network exposure of the MERCURY MIPC252W device by placing it behind firewalls or network segmentation to reduce the risk of authenticated attackers reaching the RTSP service.