CVE-2026-50245 - Vulnerability Details - OpenCVE

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json
https://www.brickcom.com/case/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03

History

Thu, 11 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
Title		Brickcom Cameras Missing Authentication for Critical Function
Weaknesses		CWE-306
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json https://www.brickcom.com/case/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2026-06-11T19:48:44.873Z

Updated: 2026-06-11T19:48:44.873Z

Reserved: 2026-06-08T21:06:16.071Z

Link: CVE-2026-50245

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-11T21:16:22.303

Modified: 2026-06-11T21:16:22.303

Link: CVE-2026-50245

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T21:30:05Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-50245", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-06-08T21:06:16.071Z", "datePublished": "2026-06-11T19:48:44.873Z", "dateUpdated": "2026-06-11T19:48:44.873Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-11T19:48:44.873Z"}, "title": "Brickcom Cameras Missing Authentication for Critical Function", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}]}], "affected": [{"vendor": "Brickcom", "product": "Cube", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}, {"vendor": "Brickcom", "product": "Dome", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}, {"vendor": "Brickcom", "product": "Bullet", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}, {"vendor": "Brickcom", "product": "Box", "versions": [{"status": "affected", "version": "3.2.3.5.6"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Brickcom cameras\u00a0allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed."}]}], "references": [{"url": "https://www.brickcom.com/case/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"}}], "workarounds": [{"lang": "en", "value": "Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:\n https://www.brickcom.com/case/", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:</span><br><a href=\"https://www.brickcom.com/case/\">https://www.brickcom.com/case/</a>"}]}], "credits": [{"lang": "en", "value": "CISA discovered the PoCs (Proof of Concept) as authored by parsa rezaie khiabanloo.", "type": "finder"}], "source": {"advisory": "ICSA-26-162-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Brickcom cameras\u00a0allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed."}], "id": "CVE-2026-50245", "lastModified": "2026-06-11T21:16:22.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-06-11T21:16:22.303", "references": [{"source": "[email protected]", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"}, {"source": "[email protected]", "url": "https://www.brickcom.com/case/"}, {"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "[email protected]", "type": "Primary"}]}