HIGH | CVE-2026-50005 | Published | Modified | CNA icscert

CVE-2026-50005: Brickcom Cameras Use of Default Credentials

Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds.

Metrics

CVSS v4.0: 8.3
Severity: HIGH
Fixed in:
Affected Products: 4


HarborGuard Analysis

Synopsis

Use of default credentials in Brickcom Cube, Dome, Bullet, and Box cameras (firmware version 3.2.3.5.6) allows any unauthenticated attacker with local access to the host or device to silently read camera feeds and gain high-impact access to systems beyond the camera itself. No authentication is required to exploit this weakness. Successful exploitation grants full read access to video feeds and high-impact confidentiality and integrity access to systems in scope beyond the vulnerable component. HarborGuard tracks this advisory for patch availability and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds (including ICS-CERT advisories) within minutes of publication and matched against all customer images, including custom-built images that bundle Brickcom firmware or related software components. Any image in a connected registry or CI pipeline that carries the affected firmware version is flagged automatically.

Status: Available

Triage

HarborGuard scores this finding at CVSS 8.3 (HIGH) using the published v4.0 vector and applies per-environment compliance policy weighting to determine urgency and routing. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership and policy rules.

Status: Available

Patch

No fix version has been published by the vendor. HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. Until then, the finding remains open and continues to be surfaced in each affected environment.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The CVSS vector specifies AV:L, meaning the attacker needs an existing shell or process on the host rather than a path over the network.

  • Authentication: Not required

    PR:N indicates no credentials or account are required; the default credentials embedded in the firmware itself are the vulnerability being exploited.

  • Victim interaction: Not required

    UI:N means the attacker does not need any user or administrator to take an action to trigger the exploit.

  • Attack complexity: Detail

    AC:L indicates the exploit is reliable and condition-free, requiring no race conditions, special memory layout, or environmental setup.

Blast Radius

  • Reads live and stored camera feeds, exposing physical surveillance data captured by the affected Brickcom device.
  • Gains high confidentiality access to systems and components beyond the camera itself (SC:H), such as network segments or management interfaces reachable from the device.
  • Modifies or manipulates systems in the broader environment beyond the vulnerable component (SI:H), enabling tampering with connected infrastructure.
  • The camera's own availability is not directly impacted, meaning compromise can persist silently without causing observable service disruption on the device itself.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for CVE-2026-50005, HarborGuard continuously monitors the ICS-CERT advisory on every ingest cycle and will surface a patched-image rebuild option the moment Brickcom publishes a remediated firmware version. In the interim, customers can use HarborGuard policy controls to flag any image carrying the affected firmware version as non-compliant and block it from promotion through the pipeline. Recommended compensating controls include network-policy isolation to restrict lateral reachability from affected camera devices, egress filtering to limit what those devices can contact, and credential-rotation enforcement where the camera management interface permits overriding defaults. For customers with auto-remediation enabled, a rebuild and regression run will be triggered automatically and a PR will be opened against affected workloads as soon as a fix version is available from the vendor.

Affected packages
  • Brickcom / Cube
    3.2.3.5.6
  • Brickcom / Dome
    3.2.3.5.6
  • Brickcom / Bullet
    3.2.3.5.6
  • Brickcom / Box
    3.2.3.5.6
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N
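
The Exploit Conditions and Blast Radius readings above can be derived mechanically from the vector string. The following is an added example, not HarborGuard code or part of the advisory: a strict parser for CVSS v4.0 base vectors that rejects malformed input before triage. The function names are hypothetical, and it deliberately accepts base metrics only (threat, environmental and supplemental metrics are rejected).

```python
# Added example: strict CVSS v4.0 *base* vector parser for triage tooling.
# Function names are hypothetical; metric names/values follow the CVSS v4.0 spec.
BASE_METRICS = {  # mandatory base metrics, in specification order
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN",
}
PREFIX = "CVSS:4.0"


def parse_base_vector(vector):
    """Return {metric: value}; raise ValueError on any malformed input."""
    head, *parts = vector.strip().split("/")
    if head != PREFIX:
        raise ValueError(f"expected prefix {PREFIX!r}, got {head!r}")
    metrics = {}
    for part in parts:
        name, sep, value = part.partition(":")
        if not sep or name not in BASE_METRICS:
            raise ValueError(f"unknown or malformed metric {part!r}")
        if name in metrics:
            raise ValueError(f"duplicate metric {name!r}")
        if len(value) != 1 or value not in BASE_METRICS[name]:
            raise ValueError(f"invalid value {value!r} for {name}")
        metrics[name] = value
    if list(metrics) != list(BASE_METRICS):
        raise ValueError("base metrics missing or out of order")
    return metrics


def exploit_preconditions(m):
    """Map exploitability metrics to the yes/no questions a triager asks."""
    return {
        "network_path_required": m["AV"] in "NA",      # Network or Adjacent
        "physical_access_required": m["AV"] == "P",
        "privileges_required": m["PR"] != "N",
        "user_interaction_required": m["UI"] != "N",
        "special_conditions_required": m["AC"] == "H" or m["AT"] == "P",
    }


def high_impacts(m):
    """Impact metrics rated High: vulnerable system (V*) then subsequent (S*)."""
    return [k for k in ("VC", "VI", "VA", "SC", "SI", "SA") if m[k] == "H"]


# Vector string copied from this page.
PAGE_VECTOR = "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"

if __name__ == "__main__":
    parsed = parse_base_vector(PAGE_VECTOR)
    print(exploit_preconditions(parsed))
    print(high_impacts(parsed))
```

For this CVE every precondition evaluates to false, and the High impacts are VC, SC and SI, which matches the Exploit Conditions and Blast Radius sections.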