Description
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
Published: 2026-06-11
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Brickcom cameras expose a critical function that allows unauthenticated retrieval of live and still images via the /ONVIF endpoint. By accessing this endpoint without credentials, an attacker can view camera snapshots, effectively compromising the confidentiality of internal footage. This vulnerability reflects improper authentication (CWE-306).

Affected Systems

The flaw impacts Brickcom Box, Bullet, Cube, and Dome camera models. No specific firmware or serial version details are supplied, therefore all devices listed are presumed vulnerable until a vendor update is released.

Risk and Exploitability

The CVSS score of 8.3 signals a high severity risk, while the EPSS score is unavailable, indicating uncertainty about current exploitation trends. The flaw is not recorded in CISA’s KEV catalog, so no public exploits are known. Attackers can exploit the vulnerable endpoint over the network, requiring only connectivity to the camera. The likely attack vector is network-based, necessitating no special conditions beyond access to the device’s service port.

Generated by OpenCVE AI on June 11, 2026 at 21:26 UTC.

Remediation

Vendor Workaround

Brickcom did not respond to CISAs request for coordination. Users are encouraged to reach out to Brickcom for support: https://www.brickcom.com/case/

OpenCVE Recommended Actions

  • Contact Brickcom support or visit the Brickcom case portal for instructions on mitigating the vulnerability.
  • Restrict network access to the /ONVIF endpoint by configuring firewall rules or network segmentation so that only trusted networks or devices can reach the camera.
  • If the ONVIF protocol is not essential, disable it entirely or restrict it to authenticated users via VPN or ACLs.

Generated by OpenCVE AI on June 11, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
Title Brickcom Cameras Missing Authentication for Critical Function
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-11T19:48:44.873Z

Reserved: 2026-06-08T21:06:16.071Z

Link: CVE-2026-50245

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-11T21:16:22.303

Modified: 2026-06-11T21:16:22.303

Link: CVE-2026-50245

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T21:30:05Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function