PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-51597 MERCURY CVE debrief

The MERCURY MIPC252W IP camera, version 1.0.5 Build 230306 Rel.79931n, is vulnerable to an authentication bypass attack. The camera's RTSP Digest authentication mechanism does not implement nonce expiration, which allows an adjacent network attacker to capture a legitimate authentication exchange and replay the nonce and response values in a new connection. This enables the attacker to bypass authentication without knowledge of the device credentials, gaining unauthorized access to the live video stream.

Vendor
MERCURY
Product
MIPC252W IP camera
CVSS
CRITICAL 9.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Administrators and users of the MERCURY MIPC252W IP camera, particularly those in environments where network security is a concern, should be aware of this vulnerability. This includes organizations that utilize these cameras for surveillance in sensitive areas, such as corporate offices, public spaces, or critical infrastructure.

Technical summary

The vulnerability exists due to the lack of nonce expiration in the RTSP Digest authentication mechanism of the MERCURY MIPC252W IP camera. RTSP (Real-Time Streaming Protocol) is used for controlling streaming media servers. The Digest authentication method is intended to be more secure than basic authentication by not transmitting passwords in plain text. However, without nonce expiration, an attacker can reuse a captured nonce and response pair to authenticate without needing the actual device credentials. This issue allows an adjacent network attacker to bypass authentication and gain access to the live video stream.

Defensive priority

High

Recommended defensive actions

  • Immediately apply the vendor's patch or update if available.
  • Implement network segmentation to limit the attack surface.
  • Monitor network traffic for suspicious RTSP authentication attempts.
  • Consider using alternative authentication methods if supported by the device.
  • Regularly review and update the camera's firmware.

Evidence notes

The information provided is based on the CVE record and NVD details. Further investigation and verification are recommended to fully understand the scope and impact of this vulnerability. The MERCURY MIPC252W IP camera's RTSP Digest authentication mechanism does not implement nonce expiration, allowing an adjacent network attacker to capture and replay a legitimate authentication exchange. This enables unauthorized access to the live video stream without device credentials. Administrators should verify the camera's firmware version and consider applying patches or updates. Additionally, defenders should review network traffic for suspicious RTSP authentication attempts and implement network segmentation to limit the attack surface.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:16:59.333Z and has not been modified since then.