Brickcom IP Cameras Vulnerable to Unauthenticated Access and Default Credentials
Multiple Brickcom camera models (Cube, Dome, Bullet, Box version 3.2.3.5.6) contain critical vulnerabilities allowing remote attackers to access live video feeds without authentication. Two CVEs—one enabling unauthenticated snapshot retrieval via ONVIF endpoints and another exploiting default credentials—pose significant risks to physical security. The vendor did not coordinate with CISA on remediation.
Why it matters in Western Canada: Western Canadian healthcare facilities, municipal governments, universities, and financial institutions commonly deploy surveillance systems; these vulnerabilities could expose sensitive visual data and compromise physical security monitoring at critical infrastructure sites across the region.
CVEs: CVE-2026-50245, CVE-2026-50005
Summary generated from the original advisory. Read the full source: cisa-advisories
- Source
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03
- CVEs
- CVE-2026-50245, CVE-2026-50005
- Tags
- ip-camera, authentication, default-credentials, surveillance, iot
- Provenance
- mask2-ti-pipeline (AI-assisted, human-reviewable)