PatchSiren cyber security CVE debrief
CVE-2026-51597 MERCURY CVE debrief
The MERCURY MIPC252W IP camera, version 1.0.5 Build 230306 Rel.79931n, is vulnerable to an authentication bypass attack. The camera's RTSP Digest authentication mechanism does not implement nonce expiration, which allows an adjacent network attacker to capture a legitimate authentication exchange and replay the nonce and response values in a new connection. This enables the attacker to bypass authentication without knowledge of the device credentials, gaining unauthorized access to the live video stream.
- Vendor
- MERCURY
- Product
- MIPC252W IP camera
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of the MERCURY MIPC252W IP camera, particularly those in environments where network security is a concern, should be aware of this vulnerability. This includes organizations that utilize these cameras for surveillance in sensitive areas, such as corporate offices, public spaces, or critical infrastructure.
Technical summary
The vulnerability exists due to the lack of nonce expiration in the RTSP Digest authentication mechanism of the MERCURY MIPC252W IP camera. RTSP (Real-Time Streaming Protocol) is used for controlling streaming media servers. The Digest authentication method is intended to be more secure than basic authentication by not transmitting passwords in plain text. However, without nonce expiration, an attacker can reuse a captured nonce and response pair to authenticate without needing the actual device credentials. This issue allows an adjacent network attacker to bypass authentication and gain access to the live video stream.
Defensive priority
High
Recommended defensive actions
- Immediately apply the vendor's patch or update if available.
- Implement network segmentation to limit the attack surface.
- Monitor network traffic for suspicious RTSP authentication attempts.
- Consider using alternative authentication methods if supported by the device.
- Regularly review and update the camera's firmware.
Evidence notes
The information provided is based on the CVE record and NVD details. Further investigation and verification are recommended to fully understand the scope and impact of this vulnerability. The MERCURY MIPC252W IP camera's RTSP Digest authentication mechanism does not implement nonce expiration, allowing an adjacent network attacker to capture and replay a legitimate authentication exchange. This enables unauthorized access to the live video stream without device credentials. Administrators should verify the camera's firmware version and consider applying patches or updates. Additionally, defenders should review network traffic for suspicious RTSP authentication attempts and implement network segmentation to limit the attack surface.
Official resources
-
CVE-2026-51597 CVE record
CVE.org
-
CVE-2026-51597 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:16:59.333Z and has not been modified since then.