Severity: HIGH | CVE-2026-50245 | CNA: icscert

CVE-2026-50245: Brickcom Cameras Missing Authentication for Critical Function

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.

Metrics

  • CVSS v4.0: 8.3
  • Severity: HIGH
  • Fixed in: (none listed)
  • Affected Products: 4

HarborGuard Analysis

Synopsis

Missing authentication for a critical function affects Brickcom camera firmware (Cube, Dome, Bullet, and Box models at version 3.2.3.5.6). The /ONVIF endpoint serves live snapshot images without requiring any credentials, and it is reachable from a local process or shell on the host. Successful exploitation allows an attacker to read live still images from the camera feed and, according to the CVSS v4 subsequent system impact scores, to read, modify, or disrupt downstream systems that consume or relay the camera feed. HarborGuard tracks this advisory for patch availability and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection of CVE-2026-50245 is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including ICS-CERT advisories, within minutes of publication and matched against customer images in registries and CI/CD pipelines. Coverage extends to custom-built images that bundle Brickcom firmware or related components.

Status: Available

Triage

Triage is available using the CVSS v4 base score of 8.3 (HIGH), weighted against each customer environment's compliance policy to determine priority. Findings are routable to the appropriate team inbox within each customer organization based on asset tagging and policy configuration.

Status: Available

Patch

No fix version has been published for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no over-the-network access is required.

  • Authentication: Not required

    No credentials of any kind are required to access the /ONVIF endpoint and retrieve snapshot images.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker can exploit the endpoint directly without any user action.

  • Attack complexity: Detail

    The exploit is reliable and condition-free, with no race conditions or environmental factors required.

Blast Radius

  • Reads live still images from the camera feed without any authorization, exposing whatever the camera is pointed at.
  • Reads data from subsequent systems that consume or relay the camera feed, such as recording servers or monitoring dashboards.
  • Modifies data in subsequent systems connected to the camera pipeline, such as altering stored footage metadata or feed routing configuration.

How HarborGuard Handles This

Available on HarborGuard: this CVE is monitored continuously against images in customer registries and pipelines using the ICS-CERT advisory feed. Because no upstream fix version exists, HarborGuard will flag all images containing affected Brickcom firmware components (Cube, Dome, Bullet, Box at 3.2.3.5.6) and hold them in a pending-patch state. In the interim, compensating controls are advisable: network-policy isolation to restrict access to camera management interfaces, egress filtering to limit which downstream systems can reach the /ONVIF endpoint, and feature-flag or firewall-rule gating on ONVIF service exposure. The moment Brickcom publishes a patched firmware version, HarborGuard will ingest it, make a rebuilt image available, and, for customers with auto-remediation enabled, open a patch PR against affected workloads with a regression-test run attached.

Affected packages
  • Brickcom / Cube
    3.2.3.5.6
  • Brickcom / Dome
    3.2.3.5.6
  • Brickcom / Bullet
    3.2.3.5.6
  • Brickcom / Box
    3.2.3.5.6

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N