CVE-2026-35902
Denial of Service via Digest Authentication Flaw in MERCURY MIPC252W RTSP
Publication date: 2026-04-27
Last updated on: 2026-05-05
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mercurycom | mipc252w_firmware | 1.0.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate remedy is to restart the affected MERCURY MIPC252W camera: a reboot clears the persistent authentication-failure state and restores RTSP access for legitimate clients. It does not prevent the attacker from triggering the condition again, so it is recovery, not mitigation.
Because the trigger is unauthenticated and consists only of repeated RTSP requests carrying invalid Digest credentials, the effective mitigation is to limit who can reach the RTSP service at all: restrict TCP port 554 to trusted hosts or a dedicated camera VLAN with a firewall or ACL, and never expose the camera's RTSP port to the Internet.
In addition, monitor the camera's RTSP traffic for bursts of authentication failures from a single source, and apply any vendor firmware update that addresses this issue as soon as one is available.
Can you explain this vulnerability to me?
CVE-2026-35902 affects the RTSP service of the MERCURY IP camera model MIPC252W running firmware version 1.0.5 Build 230306. The vulnerability is a state management flaw in how the service handles failed Digest authentication attempts; it is classified as CWE-307, insufficient measures against multiple failed authentication attempts within a short time frame.
An unauthenticated attacker can exploit this by repeatedly sending RTSP requests whose Authorization header carries invalid Digest parameters, such as a forged nonce that the camera never issued together with an arbitrary response value. After enough of these failures the RTSP service enters a persistent authentication-failure state.
As a result, legitimate clients are locked out from authenticating, leading to a denial-of-service condition until the device is restarted.
How can this vulnerability impact me?
This vulnerability can cause a denial-of-service (DoS) condition on the affected MERCURY IP camera by locking the RTSP authentication mechanism.
Legitimate users will be unable to authenticate and access the RTSP video stream, disrupting normal video streaming availability.
The denial of service persists until the device is rebooted, potentially causing significant disruption in surveillance or monitoring operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
On the camera itself, the symptom is that legitimate clients are repeatedly challenged with 401 Unauthorized responses and cannot open the RTSP video stream even with correct credentials, until the device is rebooted.
On the network, exploitation shows up as a burst of RTSP requests (OPTIONS, DESCRIBE, SETUP) from one source, each carrying an Authorization: Digest header with invalid or forged nonce and response values, answered by the camera with a 401 for every attempt. Capture the traffic on the camera's segment with tcpdump or Wireshark and look for that pattern.
Commands to capture and triage RTSP traffic might include:
- tcpdump -i <interface> tcp port 554 -w rtsp_capture.pcap
- tshark -r rtsp_capture.pcap -Y 'rtsp.status == 401' -T fields -e frame.time -e ip.dst -e rtsp.status
- tshark -r rtsp_capture.pcap -Y 'rtsp.request && rtsp contains "Authorization: Digest"' -T fields -e frame.time -e ip.src -e rtsp.method -e rtsp.url
The first tshark filter lists every rejected authentication attempt (ip.dst is the client being rejected, since the 401 travels from the camera to the client); the second lists every Digest-authenticated request and its source. Many failed attempts in a short window from one address, especially with a nonce value that does not match what the camera issued in its WWW-Authenticate challenge, indicate an ongoing attack.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of CVE-2026-35902 on compliance with common standards and regulations such as GDPR or HIPAA.