Description
Brickcom cameras
ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
Published: 2026-06-11
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Brickcom cameras ship with a set of default login credentials that an attacker can use to authenticate without prior access. This flaw allows an unauthenticated, remote attacker to silently view the camera's video feed, potentially revealing sensitive information or facilitating further attacks on the network. The weakness exploits improper credential management as identified by CWE-1392 and results in a compromise of confidentiality and potentially availability if the footage is used for malicious surveillance.

Affected Systems

The vulnerability affects multiple Brickcom camera product lines, including Box, Bullet, Cube, and Dome. No specific firmware or hardware revisions are listed, so all current models using the default credential set are potentially impacted. Users should assess the versions installed and determine whether the default credentials remain unchanged.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity, and although the EPSS score is not available, the known public nature of the default credentials increases the likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet. An attacker only needs network connectivity to the camera’s IP address and can proceed without further credentials, making the attack vector straightforward and risk of compromise considerable.

Generated by OpenCVE AI on June 11, 2026 at 21:56 UTC.

Remediation

Vendor Workaround

Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support: https://www.brickcom.com/case/


OpenCVE Recommended Actions

  • Contact Brickcom support via https://www.brickcom.com/case/ to request an official patch or firmware update.
  • Immediately change or disable the default credentials on every Brickcom camera to eliminate the authentication shortcut.
  • Configure network segmentation or firewall rules to restrict external access to camera IPs, ensuring only authorized devices can reach the cameras.

Generated by OpenCVE AI on June 11, 2026 at 21:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Brickcom
Brickcom box
Brickcom bullet
Brickcom cube
Brickcom dome
Vendors & Products Brickcom
Brickcom box
Brickcom bullet
Brickcom cube
Brickcom dome

Fri, 12 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
Title Brickcom Cameras Use of Default Credentials
Weaknesses CWE-1392
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-12T13:48:25.957Z

Reserved: 2026-06-08T21:06:16.101Z

Link: CVE-2026-50005

cve-icon Vulnrichment

Updated: 2026-06-12T13:48:22.054Z

cve-icon NVD

Status : Deferred

Published: 2026-06-11T21:16:22.140

Modified: 2026-06-12T16:06:47.720

Link: CVE-2026-50005

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:21:34Z

Weaknesses