Brickcom Cameras Use of Default Credentials
CVE-2026-50005

8.3HIGH

Key Information:

Vendor

Brickcom

Status
Cube
Dome
Bullet
Box
Vendor
CVE Published:
11 June 2026

What is CVE-2026-50005?

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.

Affected Version(s)

Box 3.2.3.5.6

Bullet 3.2.3.5.6

Cube 3.2.3.5.6

References

https://www.brickcom.com/case/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...
https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CISA discovered the PoCs (Proof of Concept) as authored by parsa rezaie khiabanloo.
.