Search criteria
2 vulnerabilities found for Sarix Professional IMP 3 Series by Pelco, Inc.
CVE-2026-1241 (GCVE-0-2026-1241)
Vulnerability from nvd – Published: 2026-02-26 19:21 – Updated: 2026-02-26 20:43
VLAI?
Title
Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras
Summary
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pelco, Inc. | Sarix Professional IMP 3 Series |
Affected:
0 , ≤ 02.52
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Souvik Kandar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T20:43:12.875844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T20:43:53.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IMP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IXP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IBP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IWP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.\u003cbr\u003e"
}
],
"value": "The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:21:26.754Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Pelco, Inc. recommends that all Sarix Professional 3 Series Camera users update their camera firmware to version 02.53 or later. Installing the latest firmware ensures your device receives the most up-to-date bug fixes and critical security enhancements.\u003cbr\u003e\u003cbr\u003eMore information can be found by visiting Pelco, Inc\u0027s technical support page (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.pelco.com/support\"\u003ehttps://www.pelco.com/support\u003c/a\u003e) for assistance.\u003cbr\u003e"
}
],
"value": "Pelco, Inc. recommends that all Sarix Professional 3 Series Camera users update their camera firmware to version 02.53 or later. Installing the latest firmware ensures your device receives the most up-to-date bug fixes and critical security enhancements.\n\nMore information can be found by visiting Pelco, Inc\u0027s technical support page ( https://www.pelco.com/support ) for assistance."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1241",
"datePublished": "2026-02-26T19:21:26.754Z",
"dateReserved": "2026-01-20T18:26:34.854Z",
"dateUpdated": "2026-02-26T20:43:53.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1241 (GCVE-0-2026-1241)
Vulnerability from cvelistv5 – Published: 2026-02-26 19:21 – Updated: 2026-02-26 20:43
VLAI?
Title
Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras
Summary
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pelco, Inc. | Sarix Professional IMP 3 Series |
Affected:
0 , ≤ 02.52
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Souvik Kandar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T20:43:12.875844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T20:43:53.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IMP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IXP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IBP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sarix Professional IWP 3 Series",
"vendor": "Pelco, Inc.",
"versions": [
{
"lessThanOrEqual": "02.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.\u003cbr\u003e"
}
],
"value": "The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:21:26.754Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Pelco, Inc. recommends that all Sarix Professional 3 Series Camera users update their camera firmware to version 02.53 or later. Installing the latest firmware ensures your device receives the most up-to-date bug fixes and critical security enhancements.\u003cbr\u003e\u003cbr\u003eMore information can be found by visiting Pelco, Inc\u0027s technical support page (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.pelco.com/support\"\u003ehttps://www.pelco.com/support\u003c/a\u003e) for assistance.\u003cbr\u003e"
}
],
"value": "Pelco, Inc. recommends that all Sarix Professional 3 Series Camera users update their camera firmware to version 02.53 or later. Installing the latest firmware ensures your device receives the most up-to-date bug fixes and critical security enhancements.\n\nMore information can be found by visiting Pelco, Inc\u0027s technical support page ( https://www.pelco.com/support ) for assistance."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1241",
"datePublished": "2026-02-26T19:21:26.754Z",
"dateReserved": "2026-01-20T18:26:34.854Z",
"dateUpdated": "2026-02-26T20:43:53.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}