Mercury MIPC252W RTSP Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the RTSP service of the Mercury MIPC252W camera, firmware version 1.0.5 Build 230306 Rel.79931n. This vulnerability allows an authenticated attacker to disrupt the RTSP session by repeatedly sending SETUP requests for the same media track within a single session. The server responds by resetting the RTSP connection, causing a disruption in the video stream and leading to a denial-of-service condition.
Impact
Exploitation of this vulnerability interrupts the RTSP video stream, causing a denial-of-service condition that reduces the availability and stability of the device's video service.
Reproduction
The vulnerability can be reproduced by establishing an RTSP session with the camera and then sending repeated SETUP requests for the same media track within that session. This abnormal request sequence causes the RTSP service to terminate the session, resetting the connection and disrupting the video stream.
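The request pattern described above can be detected in parsed RTSP traffic by counting SETUP requests per connection and track. The following is an added example, not part of the original advisory or the vendor's code; the connection identifiers, addresses, track URLs and the `max_setups` threshold are constructed assumptions. A TEARDOWN resets the count so that a client that legitimately closes and re-opens a stream is not flagged.

```python
import re
from collections import defaultdict

REQUEST_LINE = re.compile(r"^([A-Z_]+) (\S+) RTSP/1\.0$")

def parse_request(raw):
    """Return (method, url) from the request line of one RTSP request, or None."""
    first = raw.replace("\r\n", "\n").split("\n")[0].strip()
    m = REQUEST_LINE.match(first)
    return (m.group(1), m.group(2)) if m else None

def find_repeated_setup(messages, max_setups=1):
    """messages: (connection_id, raw_request) pairs in capture order.
    Returns sorted (connection_id, track_url, setup_count) alerts for every
    track that received more than max_setups SETUP requests on one connection."""
    counts, alerts = defaultdict(int), {}
    for conn, raw in messages:
        parsed = parse_request(raw)
        if parsed is None:
            continue  # not an RTSP request line (e.g. interleaved data); skip
        method, url = parsed
        if method == "TEARDOWN":
            # Session closed cleanly: a later SETUP on this connection is legitimate.
            for key in [k for k in counts if k[0] == conn]:
                del counts[key]
        elif method == "SETUP":
            key = (conn, url.rstrip("/"))
            counts[key] += 1
            if counts[key] > max_setups:
                alerts[key] = counts[key]
    return sorted((c, u, n) for (c, u), n in alerts.items())

# Constructed sample capture (documentation addresses, hypothetical track URLs).
BASE = "rtsp://192.0.2.10:554/stream1"

def req(method, url, cseq):
    return f"{method} {url} RTSP/1.0\r\nCSeq: {cseq}\r\n\r\n"

SAMPLE = (
    # Same track set up three times on one connection: the pattern in the advisory.
    [("198.51.100.7:40112", req("SETUP", BASE + "/track1", n)) for n in (3, 4, 5)]
    # Normal client: one SETUP per track.
    + [("198.51.100.8:40200", req("SETUP", BASE + f"/track{t}", 2 + t)) for t in (1, 2)]
    # Client that tears down and sets up again: must not alert.
    + [("198.51.100.9:40300", req(m, u, i)) for i, (m, u) in enumerate(
        [("SETUP", BASE + "/track1"), ("TEARDOWN", BASE), ("SETUP", BASE + "/track1")], 3)]
)

if __name__ == "__main__":
    for alert in find_repeated_setup(SAMPLE):
        print("repeated SETUP:", alert)
```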
