CVE-2026-50005 - Vulnerability Details - OpenCVE

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json
https://www.brickcom.com/case/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03

History

Thu, 11 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
Title		Brickcom Cameras Use of Default Credentials
Weaknesses		CWE-1392
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json https://www.brickcom.com/case/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2026-06-11T19:49:17.928Z

Updated: 2026-06-11T19:49:17.928Z

Reserved: 2026-06-08T21:06:16.101Z

Link: CVE-2026-50005

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-11T21:16:22.140

Modified: 2026-06-11T21:16:22.140

Link: CVE-2026-50005

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-50005", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-06-08T21:06:16.101Z", "datePublished": "2026-06-11T19:49:17.928Z", "dateUpdated": "2026-06-11T19:49:17.928Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-11T19:49:17.928Z"}, "title": "Brickcom Cameras Use of Default Credentials", "datePublic": "2026-06-11T17:42:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1392", "description": "CWE-1392 Use of default credentials", "type": "CWE"}]}], "affected": [{"vendor": "Brickcom", "product": "Cube", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}, {"vendor": "Brickcom", "product": "Dome", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}, {"vendor": "Brickcom", "product": "Bullet", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}, {"vendor": "Brickcom", "product": "Box", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Brickcom cameras\nship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>Brickcom cameras</span>\nship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds."}]}], "references": [{"url": "https://www.brickcom.com/case/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"}], "metrics": [{"other": {"type": "ssvc", "content": {"options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CNA", "version": "2.0.3"}}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"}}], "workarounds": [{"lang": "en", "value": "Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:\n https://www.brickcom.com/case/", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:</span><br><a href=\"https://www.brickcom.com/case/\">https://www.brickcom.com/case/</a>"}]}], "credits": [{"lang": "en", "value": "CISA discovered the PoCs (Proof of Concept) as authored by parsa rezaie khiabanloo.", "type": "finder"}], "source": {"advisory": "ICSA-26-162-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Brickcom cameras\nship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds."}], "id": "CVE-2026-50005", "lastModified": "2026-06-11T21:16:22.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-06-11T21:16:22.140", "references": [{"source": "[email protected]", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"}, {"source": "[email protected]", "url": "https://www.brickcom.com/case/"}, {"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "[email protected]", "type": "Primary"}]}