PatchSiren

MERCURY CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL MERCURY CVE published 2026-07-09

CVE-2026-51597

The MERCURY MIPC252W IP camera, version 1.0.5 Build 230306 Rel.79931n, is vulnerable to an authentication bypass attack. The camera's RTSP Digest authentication mechanism does not implement nonce expiration, which allows an adjacent network attacker to capture a legitimate authentication exchange and replay the nonce and response values in a new connection. This enables the attacker to bypass authenticati [truncated]