Impact
Brickcom cameras ship with a set of default login credentials that an attacker can use to authenticate without prior access. This flaw allows an unauthenticated, remote attacker to silently view the camera's video feed, potentially revealing sensitive information or facilitating further attacks on the network. The weakness stems from improper credential management, as identified by CWE-1392, and results in a compromise of confidentiality, and potentially of availability if the footage is used for malicious surveillance.
Affected Systems
The vulnerability affects multiple Brickcom camera product lines, including Box, Bullet, Cube, and Dome. No specific firmware or hardware revisions are listed, so all current models using the default credential set are potentially impacted. Users should assess the versions installed and determine whether the default credentials remain unchanged.
Risk and Exploitability
The CVSS score of 8.3 indicates high severity. Although no EPSS score is available, the default credentials are publicly known, which increases the likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet. An attacker needs only network connectivity to the camera's IP address and no further credentials, making the attack vector straightforward and the risk of compromise considerable.