CVE 9.8 CRITICAL

CVE-2026-35903_CVE-2026-35903

April 28, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the same session. As a result, RTSP methods such as SETUP, PLAY, and TEARDOWN can be processed even when the Authorization header contains an empty or invalid response value, as long as the nonce and session identifier correspond to a previously authenticated session. This allows an attacker with network access to reuse session parameters and issue unauthorized RTSP control commands without computing a valid Digest response.

AI Analysis

Improper authentication vulnerability in RTSP service allowing unauthorized control commands

Basic Information

ID CVE-2026-35903

Source mitre

Published Apr 27, 2026 at 00:00

Modified Apr 28, 2026 at 15:45

Affected Product

Vendor MERCURY

Product MERCURY MIPC252W

Version 1.0.5

Affected Versions n/a n/a n/a

CWE Classification

CWE-287

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor MERCURY

Product MIPC252W IP camera

Version 1.0.5

References

github.com /izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_4th/README.md

{
    "lastseen": "",
    "description": "MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the same session. As a result, RTSP methods such as SETUP, PLAY, and TEARDOWN can be processed even when the Authorization header contains an empty or invalid response value, as long as the nonce and session identifier correspond to a previously authenticated session. This allows an attacker with network access to reuse session parameters and issue unauthorized RTSP control commands without computing a valid Digest response.",
    "published": "2026-04-27T00:00:00.000Z",
    "modified": "2026-04-28T15:45:37.220Z",
    "type": "cve",
    "title": "CVE-2026-35903",
    "source": "mitre",
    "references": "https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_4th/README.md",
    "id": "CVE-2026-35903",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MERCURY MIPC252W",
    "version": "1.0.5",
    "vendor": "MERCURY",
    "ai_description": "Improper authentication vulnerability in RTSP service allowing unauthorized control commands",
    "ai_severity": "Critical",
    "ai_vendor": "MERCURY",
    "ai_product": "MIPC252W IP camera",
    "ai_version": "1.0.5",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply