Yankang

**Name of the Vulnerable Software and Affected Versions** MERCURY MIPC252W version 1.0.5 Build 230306 Rel.79931n **Description** A null pointer dereference occurs in the RTSP service during the processing of a SETUP request for the endpoint "rtsp://<IP>:554/stream1/track2". The issue arises because the device fails to properly validate the `Transport` header field. If this header is improperly constructed, the service dereferences a NULL pointer during request parsing, leading to a device crash and automatic reboot. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MERCURY IP camera MIPC252W version 1.0.5 Build 230306 **Description** The RTSP service has an issue handling failed Digest authentication attempts. An unauthenticated attacker can repeatedly send RTSP requests with invalid authentication parameters, causing the service to enter a persistent authentication failure state. This prevents legitimate clients from authenticating, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MERCURY MIPC252W version 1.0.5 Build 230306 Rel.79931n **Description** An improper authentication issue exists in the RTSP service. Following a successful Digest authentication during an initial 'DESCRIBE' request, the device fails to verify the Digest response parameter in subsequent RTSP requests within the same session. Consequently, RTSP methods including 'SETUP', 'PLAY', and 'TEARDOWN' can be processed even if the `Authorization` header contains an empty or invalid response value, provided the `nonce` and session identifier match a previously authenticated session. This allows an attacker with network access to reuse session parameters and issue unauthorized RTSP control commands without a valid Digest response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.