Executive Summary
In June 2026, critical vulnerabilities were identified in Brickcom cameras, specifically the Cube, Dome, Bullet, and Box models running version 3.2.3.5.6. These flaws, cataloged as CVE-2026-50245 and CVE-2026-50005, allow remote attackers to access live video feeds and still images via the /ONVIF endpoint without authenticating. Additionally, the use of default credentials enables silent access to camera feeds, compromising sensitive visual information and potentially granting administrative control over the devices.
The exploitation of these vulnerabilities poses significant risks to sectors such as Commercial Facilities, Critical Manufacturing, Financial Services, and Healthcare, where surveillance systems are integral to security operations. The absence of authentication mechanisms in these cameras underscores the critical need for robust access controls and regular security assessments to prevent unauthorized access and data breaches.
Why This Matters Now
The discovery of these vulnerabilities highlights the urgent need for organizations to assess and secure their surveillance systems. With increasing reliance on IoT devices, ensuring proper authentication and access controls is paramount to prevent unauthorized access and protect sensitive information.
Attack Path Analysis
An attacker exploited the lack of authentication on Brickcom cameras to access live video feeds. Using default credentials, they gained administrative control over the devices. The attacker then moved laterally to other networked devices. They established a command and control channel to maintain persistent access. Sensitive data was exfiltrated from the compromised devices. Finally, the attacker disrupted operations by disabling the cameras.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited the lack of authentication on Brickcom cameras to access live video feeds.
Related CVEs
CVE-2026-50245
CVSS 7.7
The affected product allows unauthenticated access to live snapshot images via the /ONVIF endpoint, enabling retrieval of still images from the camera feed without authentication.
Affected Products:
Brickcom Brickcom Cube – 3.2.3.5.6
Brickcom Brickcom Dome – 3.2.3.5.6
Brickcom Brickcom Bullet – 3.2.3.5.6
Brickcom Brickcom Box – 3.2.3.5.6
Exploit Status:
no public exploit
CVE-2026-50005
CVSS 7.7
The affected product ships with default credentials that allow any unauthenticated remote attacker to silently access camera feeds.
Affected Products:
Brickcom Brickcom Cube – 3.2.3.5.6
Brickcom Brickcom Dome – 3.2.3.5.6
Brickcom Brickcom Bullet – 3.2.3.5.6
Brickcom Brickcom Box – 3.2.3.5.6
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Valid Accounts
Brute Force
Remote Services
Application Layer Protocol
Command and Scripting Interpreter
Account Discovery
OS Credential Dumping
Network Sniffing
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Default Accounts and Passwords
Control ID: 8.2.3
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Identity
Control ID: Pillar 1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Security/Investigations
IoT camera vulnerabilities expose critical surveillance infrastructure to unauthorized access, compromising physical security monitoring and enabling potential breaches of secured facilities.
Health Care / Life Sciences
Brickcom camera default credentials and missing authentication threaten HIPAA compliance, exposing patient areas and medical facilities to unauthorized visual surveillance.
Financial Services
Unprotected camera feeds in banking facilities create regulatory violations and security risks, allowing attackers to monitor transactions and access sensitive areas.
Critical Manufacturing
Compromised industrial cameras enable reconnaissance of manufacturing processes, intellectual property theft, and potential disruption of critical infrastructure through visual intelligence gathering.
Sources
- Brickcom Cameras: https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03 (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it would likely limit the attacker's ability to exploit unsecured devices, restrict lateral movement, and control data exfiltration, thereby reducing the overall impact.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit unauthenticated devices would likely be constrained, reducing the risk of initial unauthorized access.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges using default credentials would likely be limited, reducing the scope of administrative control.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement across networked devices would likely be restricted, reducing the potential spread of the attack.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish and maintain command and control channels would likely be constrained, reducing persistent access.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive data would likely be limited, reducing data loss.
The attacker's ability to disrupt operations by disabling devices would likely be constrained, reducing operational impact.
Impact at a Glance
Affected Business Functions
- Surveillance Monitoring
- Security Operations
Estimated downtime: N/A
Estimated loss: N/A
Unauthorized access to live video feeds and sensitive visual information from affected premises.
Recommended Actions
Key Takeaways & Next Steps
- Implement strong, unique credentials for all devices to prevent unauthorized access.
- Enforce network segmentation to limit lateral movement within the network.
- Deploy intrusion detection systems to monitor for unauthorized access attempts.
- Regularly update and patch devices to mitigate known vulnerabilities.
- Conduct regular security audits to identify and address potential weaknesses.
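One way to act on the monitoring recommendation above for the /ONVIF exposure (an added example, not part of the advisory or any vendor tooling): a log check that flags served /ONVIF requests coming from outside a management subnet or carrying no authenticated user. It assumes a reverse proxy or firewall in front of the cameras writes combined-format access logs and fills in the user field; the subnet, log lines and sub-paths are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: hypothetical management subnet allowed to reach the cameras.
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/24")]
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Constructed sample lines (documentation address ranges, made-up sub-paths).
SAMPLE_LOG = """\
10.20.30.5 - nvr-svc [11/Jun/2026:09:00:01 +0000] "GET /ONVIF/snapshot HTTP/1.1" 200 48211
203.0.113.44 - - [11/Jun/2026:09:00:07 +0000] "GET /ONVIF/snapshot HTTP/1.1" 200 48190
203.0.113.44 - - [11/Jun/2026:09:00:09 +0000] "GET /onvif/snapshot?ch=1 HTTP/1.1" 200 48202
198.51.100.9 - - [11/Jun/2026:09:01:00 +0000] "GET /ONVIF/snapshot HTTP/1.1" 401 0
10.20.30.77 - - [11/Jun/2026:09:01:30 +0000] "GET /ONVIF HTTP/1.1" 200 1033
10.20.30.5 - - [11/Jun/2026:09:02:00 +0000] "GET /index.html HTTP/1.1" 200 512
truncated or malformed line
"""

def is_onvif(path):
    """True for /ONVIF itself or anything beneath it, ignoring case and query."""
    p = path.split("?", 1)[0].lower()
    return p == "/onvif" or p.startswith("/onvif/")

def analyze(log_text):
    """Return (findings, denied) for /ONVIF requests; denied counts 401/403 per source."""
    findings, denied = [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_onvif(m["path"]):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not an IP address; skip the line
        status = int(m["status"])
        if status in (401, 403):
            denied[str(src)] += 1
        elif 200 <= status < 300:
            reasons = []
            if not any(src in net for net in ALLOWED_NETS):
                reasons.append("source-outside-management-net")
            if m["user"] == "-":
                reasons.append("no-authenticated-user")
            if reasons:
                findings.append((str(src), m["path"], reasons))
    return findings, denied

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG)[0], sep="\n")
```

A served request from inside the management subnet with an empty user field is still reported, since that is what an unauthenticated response from the device looks like in the log.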



