CVE-2026-50245 | THREATINT

Description

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.

PUBLISHED Reserved 2026-06-08 | Published 2026-06-11 | Updated 2026-06-12 | Assigner icscert

HIGH: 7.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

HIGH: 8.3CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

Problem types

CWE-306 Missing authentication for critical function

Product status

Default status

unaffected

3.2.3.5.6

affected

Default status

unaffected

3.2.3.5.6

affected

Default status

unaffected

3.2.3.5.6

affected

Default status

unaffected

3.2.3.5.6

affected

Credits

CISA discovered the PoCs (Proof of Concept) as authored by parsa rezaie khiabanloo. finder

References

www.brickcom.com/case/

www.cisa.gov/news-events/ics-advisories/icsa-26-162-03

github.com/...p/csaf_files/OT/white/2026/icsa-26-162-03.json

cve.org (CVE-2026-50245)

nvd.nist.gov (CVE-2026-50245)

Download JSON

help @ threatint.eu