CVE-2026-51597
Received Received - Intake

RTSP Digest Authentication Bypass in MERCURY MIPC252W IP Camera

Vulnerability report for CVE-2026-51597, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: MITRE

Description

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without knowledge of the device credentials, gaining unauthorized access to the live video stream.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mercury mipc252w 1.0.5

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-51597 is a replay attack vulnerability affecting the RTSP service of the MERCURY MIPC252W IP camera version 1.0.5 Build 230306 Rel.79931n.

The device does not implement nonce expiration or invalidation in its RTSP Digest authentication, which is against the recommendations of RFC 2617.

An attacker on the same network can passively capture a legitimate authentication exchange and then reuse the captured nonce and response values to authenticate without knowing the device password.

This allows the attacker to bypass authentication and gain unauthorized access to the camera's live video stream by submitting the captured credentials in a new connection.

The vulnerability enables persistent unauthorized access because the device accepts historically captured credentials even days later.

Impact Analysis

This vulnerability allows an attacker on an adjacent network to bypass authentication and gain unauthorized access to the live video stream of the affected IP camera.

The attacker does not need to know the device credentials and can use previously captured authentication data to repeatedly access the camera.

This unauthorized access poses a serious threat to user privacy and the security of surveillance data.

It can lead to exposure of sensitive video feeds, potentially compromising personal or organizational security.

Detection Guidance

This vulnerability can be detected by monitoring RTSP authentication exchanges on the network to identify replayed nonce and response values. An attacker captures legitimate RTSP Digest authentication messages and reuses them to bypass authentication.

To detect such replay attacks, you can capture RTSP traffic using network packet capture tools like tcpdump or Wireshark and analyze for repeated nonce and response pairs in authentication headers.

  • Use tcpdump to capture RTSP traffic on the relevant network interface: tcpdump -i <interface> -s 0 -w rtsp_capture.pcap port 554
  • Open the captured file in Wireshark and filter for RTSP authentication headers to look for repeated nonce and response values.
  • Look for multiple RTSP SETUP, PLAY, or TEARDOWN requests using the same nonce and response values, indicating replayed authentication.
Mitigation Strategies

Immediate mitigation steps include restricting network access to the IP camera to trusted devices only, such as by using VLANs or firewall rules to limit access to the RTSP service.

Since the device firmware does not implement nonce expiration, avoid exposing the camera to adjacent or untrusted networks to prevent replay attacks.

Monitor RTSP traffic for suspicious repeated authentication attempts and consider disabling RTSP if not needed.

Check with the vendor for firmware updates that address nonce expiration or implement stronger authentication mechanisms.

Compliance Impact

This vulnerability allows unauthorized access to live video streams by bypassing authentication through replay attacks, which compromises user privacy and surveillance data security.

Such unauthorized access and lack of proper authentication controls can lead to violations of privacy and data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized disclosure.

The persistent unauthorized access enabled by the vulnerability undermines the confidentiality and integrity of surveillance data, potentially resulting in non-compliance with these common standards and regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-51597. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart