Search
Find a vulnerability
Search criteria
4 vulnerabilities by Brickcom
CVE-2026-50005 (GCVE-0-2026-50005)
Vulnerability from cvelistv5 – Published: 2026-06-11 19:49 – Updated: 2026-06-12 13:48
VLAI
Title
Brickcom Cameras Use of Default Credentials
Summary
Brickcom cameras
ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1392 - Use of default credentials
Assigner
References
Impacted products
Date Public
2026-06-11 17:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T13:48:15.365465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T13:48:25.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cube",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dome",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Bullet",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Box",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CISA discovered the PoCs (Proof of Concept) as authored by parsa rezaie khiabanloo."
}
],
"datePublic": "2026-06-11T17:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eBrickcom cameras\u003c/span\u003e\nship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds."
}
],
"value": "Brickcom cameras\nship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds."
}
],
"metrics": [
{
"other": {
"content": {
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CNA",
"version": "2.0.3"
},
"type": "ssvc"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of default credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T19:49:17.928Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.brickcom.com/case/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"
}
],
"source": {
"advisory": "ICSA-26-162-03",
"discovery": "EXTERNAL"
},
"title": "Brickcom Cameras Use of Default Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eBrickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:\u003c/span\u003e\u003cbr\u003e\u003ca href=\"https://www.brickcom.com/case/\"\u003ehttps://www.brickcom.com/case/\u003c/a\u003e"
}
],
"value": "Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:\n https://www.brickcom.com/case/"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-50005",
"datePublished": "2026-06-11T19:49:17.928Z",
"dateReserved": "2026-06-08T21:06:16.101Z",
"dateUpdated": "2026-06-12T13:48:25.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50245 (GCVE-0-2026-50245)
Vulnerability from cvelistv5 – Published: 2026-06-11 19:48 – Updated: 2026-06-12 13:49
VLAI
Title
Brickcom Cameras Missing Authentication for Critical Function
Summary
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T13:48:50.950657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T13:49:02.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cube",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dome",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Bullet",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Box",
"vendor": "Brickcom",
"versions": [
{
"status": "affected",
"version": "3.2.3.5.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CISA discovered the PoCs (Proof of Concept) as authored by parsa rezaie khiabanloo."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Brickcom cameras\u0026nbsp;allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed."
}
],
"value": "Brickcom cameras\u00a0allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T19:48:44.873Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.brickcom.com/case/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"
}
],
"source": {
"advisory": "ICSA-26-162-03",
"discovery": "EXTERNAL"
},
"title": "Brickcom Cameras Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eBrickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:\u003c/span\u003e\u003cbr\u003e\u003ca href=\"https://www.brickcom.com/case/\"\u003ehttps://www.brickcom.com/case/\u003c/a\u003e"
}
],
"value": "Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support:\n https://www.brickcom.com/case/"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-50245",
"datePublished": "2026-06-11T19:48:44.873Z",
"dateReserved": "2026-06-08T21:06:16.071Z",
"dateUpdated": "2026-06-12T13:49:02.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-3689 (GCVE-0-2013-3689)
Vulnerability from cvelistv5 – Published: 2013-10-04 23:00 – Updated: 2024-09-17 03:38
VLAI
Summary
Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2013/Jun/84 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-04T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3689",
"datePublished": "2013-10-04T23:00:00.000Z",
"dateReserved": "2013-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:38:30.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3690 (GCVE-0-2013-3690)
Vulnerability from cvelistv5 – Published: 2013-10-01 19:00 – Updated: 2024-09-17 04:28
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2013/Jun/84 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-01T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3690",
"datePublished": "2013-10-01T19:00:00.000Z",
"dateReserved": "2013-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:28:59.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}