CVE-2026-51599 in MIPC252Winfo

Summary

by MITRE • 07/09/2026

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/09/2026

This vulnerability resides within the real-time streaming protocol service of mercury mipc252w ip camera firmware version 105 build 230306 rel79931n presenting a classic case of insufficient input validation that enables denial of service exploitation by unauthenticated remote attackers. The flaw manifests specifically in the rtsp parser's handling of malformed requests where it fails to properly validate the consistency between content-length header and actual message body presence, creating a dangerous state transition that fundamentally undermines connection integrity.

The technical implementation of this vulnerability follows a well-defined attack pattern that aligns with common protocol parsing weaknesses categorized under cwe-20 input validation and error handling. When an attacker sends an rtsp request containing a content-length header without the corresponding message body, the parser enters a body-waiting state expecting data that will never arrive. This represents a failure in the rtsp service's state machine design where proper request validation should occur before state transitions are permitted. The parser's behavior creates a resource consumption scenario where all subsequent tcp data received on the connection is silently consumed as if it were part of the missing message body, effectively rendering the connection unusable for legitimate traffic.

The operational impact extends beyond simple service disruption to encompass broader network reliability concerns and potential cascading effects within security monitoring systems. This vulnerability allows attackers to consume server-side resources through a relatively simple attack vector requiring no authentication credentials or advanced privileges, making it particularly dangerous in environments where ip cameras serve as critical components of surveillance infrastructure. The connection state manipulation causes all subsequent data to be consumed silently until the server-side timeout occurs, creating an extended period where legitimate users cannot establish new connections or maintain existing ones.

Mitigation strategies should address both immediate defensive measures and fundamental architectural improvements. Immediate remediation involves implementing strict input validation that requires content-length headers to match actual message body presence, ensuring that parsers do not enter body-waiting states without proper request consistency verification. Network-level protections including firewall rules that limit rtsp port access and connection rate limiting can provide additional defense in depth. The implementation should reference secure coding practices from owasp top ten and mitre attack framework, particularly focusing on defensive techniques against protocol-based denial of service attacks. Regular firmware updates and proper input sanitization procedures must be enforced to prevent similar vulnerabilities from emerging in future releases.

This vulnerability demonstrates how seemingly minor parsing inconsistencies can create significant operational risks within embedded network devices, emphasizing the critical importance of robust input validation in all network-facing components. The attack scenario represents a typical example of resource exhaustion attacks that can be amplified through automated scanning tools, making this issue particularly concerning for organizations deploying large numbers of similar ip camera devices. Proper implementation of connection lifecycle management and request state validation would eliminate this vulnerability by ensuring that malformed requests are rejected immediately rather than processed through potentially dangerous intermediate states, thus maintaining system availability and preventing unauthorized resource consumption.

Responsible

MITRE

Reservation

06/08/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!