CVE-2026-50245
Description
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint, exposing video feeds to remote attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Brickcom cameras (Cube, Dome, Bullet, Box) running firmware version 3.2.3.5.6 expose the /ONVIF endpoint without authentication. This allows any remote unauthenticated attacker to retrieve live snapshot images from the camera feed. The vulnerability is classified as CWE-306 Missing Authentication for Critical Function [1].
Exploitation
An attacker with network access to the camera can send a request to the /ONVIF endpoint without any authentication. No prior knowledge or credentials are required. The attacker simply needs to know the camera's IP address and the endpoint path. The advisory notes that the camera also ships with default credentials (CVE-2026-50005), but for this specific vulnerability, no authentication is needed at all [1].
Impact
Successful exploitation enables an unauthenticated remote attacker to gain unauthorized access to live video feeds, retrieving sensitive visual information from the premises where the camera is deployed. This could lead to privacy breaches and surveillance of secured areas [1].
Mitigation
As of the advisory publication date (2026-06-11), no official fix has been released by Brickcom. Users are advised to restrict network access to the camera's ONVIF endpoint, for example by placing the camera behind a firewall or VPN, and to monitor for vendor updates. The affected products are listed as "known_affected" in the CISA advisory [1].
AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing authentication check on the /ONVIF endpoint allows unauthenticated retrieval of live snapshot images."
Attack vector
An unauthenticated attacker can access live snapshot images by sending a request to the /ONVIF endpoint on a Brickcom camera [ref_id=1]. No authentication is required to retrieve still images from the camera feed [ref_id=1]. The attack is performed over the network against the camera's web interface, and the advisory notes that successful exploitation could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds [ref_id=1]. This corresponds to CWE-306 (Missing Authentication for Critical Function) [ref_id=1].
Affected code
The advisory identifies the /ONVIF endpoint as the affected code path [ref_id=1]. The specific affected products are Brickcom Cube, Dome, Bullet, and Box models running firmware version 3.2.3.5.6 [ref_id=1]. No source code or patch files are provided in the bundle.
What the fix does
The advisory does not include a patch or code fix. The recommended remediation is to minimize network exposure for affected devices, ensure they are not accessible from the internet, locate control system networks behind firewalls, and use VPNs for remote access [ref_id=1]. No vendor-supplied firmware update is described in the available reference.
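The remediation described in the Mitigation and "What the fix does" sections is purely network-level: keep the camera off the internet and reachable only from a management network. A defender also wants to know whether the /ONVIF endpoint is in fact being reached from outside that network. The following script is an added example, not code from the advisory, CISA or Brickcom; it assumes the camera (or a reverse proxy in front of it) writes access logs in the common combined-log format and that 10.20.0.0/24 is the management subnet. Both the log lines and the subnet are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample log lines in combined-log style. Brickcom's real log
# format is not documented on the page; this layout is an assumption.
SAMPLE_LOG = """\
10.20.0.5 - - [11/Jun/2026:09:12:01 +0000] "GET /ONVIF HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
203.0.113.44 - - [11/Jun/2026:09:12:07 +0000] "GET /ONVIF HTTP/1.1" 200 47990 "-" "python-requests/2.31"
10.20.0.9 - - [11/Jun/2026:09:13:40 +0000] "GET /index.html HTTP/1.1" 200 1220 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Jun/2026:09:14:02 +0000] "GET /ONVIF HTTP/1.1" 401 0 "-" "curl/8.0"
"""

# Management network from which camera access is expected (assumed value).
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# client ip, ident, authuser, timestamp, "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_management_source(ip, nets=MANAGEMENT_NETS):
    """True if the client address falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def find_onvif_exposure(lines, nets=MANAGEMENT_NETS):
    """Return findings for /ONVIF requests that indicate exposure.

    Two conditions are flagged, independently of each other:
      - the request came from outside the management network, i.e. the
        network restriction recommended by the advisory is not in place;
      - the camera answered 2xx with no authenticated user, i.e. the
        missing-authentication behaviour described by the CVE was exercised.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith("/ONVIF"):
            continue
        reasons = []
        if not is_management_source(rec["ip"], nets):
            reasons.append("source outside management network")
        if rec["user"] == "-" and 200 <= rec["status"] < 300:
            reasons.append("2xx served without an authenticated user")
        if reasons:
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": rec["path"],
                "status": rec["status"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_onvif_exposure(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['ip']} {f['path']} {f['status']}: {', '.join(f['reasons'])}")
```

The first sample line is flagged even though it comes from the management subnet, because a 200 on /ONVIF with an empty authuser field is exactly the behaviour the advisory describes; the second line trips both conditions; the 401 from an external address is flagged only for the exposure, since the camera did refuse it. Feeding the real log of a deployed camera through the same function gives a quick answer to whether the firewall or VPN placement recommended above is actually effective.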
Preconditions
- network: Attacker must have network access to the Brickcom camera's web interface (typically port 80/443).
- input: Attacker sends an HTTP request to the /ONVIF endpoint on the camera.
Generated on Jun 11, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
News mentions (1)
- Brickcom Cameras (CISA ICS Advisories)