Is this vulnerability remotely exploitable over the Internet?

It can be, but only if the camera's RTSP service is reachable from the Internet (for example, via port forwarding, cloud relay, or misconfiguration). In many deployments the risk is initially constrained to local or VPN-accessible networks, but exposure depends entirely on how the device is connected.

What level of access does an attacker need to exploit this issue?

The attacker needs network-level access to the camera's RTSP port and the ability to observe or reuse session parameters (such as the nonce and session identifier) from a previously authenticated session. This can arise from being on the same LAN, having access to logs or traffic captures, or leveraging other weaknesses in the environment.

What is the safest general fix pattern for developers and vendors?

The most robust pattern is to enforce complete authentication checks on every privileged RTSP method, validating all Digest parameters (including the "response" value) per request, and not treating the mere presence of a session ID as proof of identity. Additionally, session tokens should be unguessable, bound to authenticated principals, and invalidated promptly when no longer needed.

Severity:

CRITICAL RISK

(9.8)

Improper Authentication (CWE-287) in MERCURY MIPC252W IP Camera RTSP Service

CVE-2026-35903

Published:

Apr 27, 2026

Status:

Undergoing Analysis

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-284;CWE-434

HIGH RISK

HIGH

(7.3)

Unrestricted File Upload (CWE-434) via Engine Handler exec in MindsDB BYOM Integration

Remote Code Execution and Arbitrary File Upload

May 3, 2026

CWE-287

HIGH RISK

HIGH

(7.3)

Improper Authentication (CWE-287) in JwtAuthenticationTokenFilter of yudao-cloud Ruoyi-Vue-Pro

Authentication Bypass / Unauthorized Access

May 3, 2026

Vulnerability Type

Category:

Improper Authentication

CWE:

CWE-287

Impact:

Unauthorized RTSP Session Hijacking and Stream Control

Severity:

CRITICAL RISK

(9.8)

CVSS Version:

3.1

Vulnerability Type

Category:

Improper Authentication

CWE:

CWE-287

Impact:

Unauthorized RTSP Session Hijacking and Stream Control

Severity:

CRITICAL RISK

(9.8)

CVSS Version:

3.1

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Improper Authentication (CWE-287) in MERCURY MIPC252W IP Camera RTSP Service

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

HIGH RISK

HIGH

(7.3)

Unrestricted File Upload (CWE-434) via Engine Handler exec in MindsDB BYOM Integration

HIGH RISK

HIGH

(7.3)

Improper Authentication (CWE-287) in JwtAuthenticationTokenFilter of yudao-cloud Ruoyi-Vue-Pro

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare