Unpatched Vulnerability Exposes Brickcom Cameras to Unauthorized Live Video Access
A significant vulnerability (CVE-2026-50245) has been identified in Brickcom's Cube cameras, allowing unauthenticated access to live video feeds via the `/ONVIF` endpoint. This flaw poses a high risk of unauthorized data retrieval and device control. Immediate patching is advised for all affected users.
Summary
A critical vulnerability (CVE-2026-50245) has been disclosed in Brickcom's Cube cameras, with a CVSS score of 7.7 indicating a high severity level. The flaw stems from the absence of authentication requirements to access live snapshot images through the /ONVIF endpoint. This oversight enables any remote attacker to exploit the vulnerability and gain unauthorized access to sensitive video feeds without needing credentials. CISA has issued an advisory urging users to implement defensive measures promptly.
What happened
Brickcom's Cube cameras have been found vulnerable due to a lack of authentication on the /ONVIF endpoint, which permits unauthenticated access to live snapshot images. This vulnerability allows attackers to retrieve sensitive visual data and potentially gain administrative control over the devices remotely. The flaw was discovered by Parsa Rezaie Khiabanloo and subsequently reported by CISA.
Technical details
The vulnerability lies in the /ONVIF endpoint of Brickcom Cube cameras, where no authentication mechanism is enforced for accessing live snapshot images. This oversight allows attackers to exploit the system without needing any credentials. The potential impact includes unauthorized access to video feeds and administrative control over the affected devices.
Affected products and fixed versions
The vulnerability affects all models of Brickcom's Cube cameras that have not been updated with a patch addressing CVE-2026-50245. Users are advised to check for updates from Brickcom and apply them immediately to mitigate the risk.
Exploitation status
As of now, there is no known public exploitation specifically targeting this vulnerability. However, given its high severity score (CVSS 7.7), it remains a critical threat until patched. Organizations using these cameras should take immediate action to secure their systems.
Indicators of compromise
Indicators of compromise for this vulnerability include unauthorized access attempts on the /ONVIF endpoint and unusual network traffic patterns associated with live video feed retrieval. Monitoring these indicators can help in early detection of potential exploitation attempts.
Detection opportunities
Organizations can detect potential exploitation by monitoring access logs for unauthorized requests to the /ONVIF endpoint. Implementing network segmentation and firewall rules to restrict access to this endpoint can also serve as a preventive measure.
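As an added example (not code from Brickcom or CISA), the access-log check described above could be implemented as follows. It assumes the cameras sit behind a proxy or gateway that writes common/combined-format access logs and that `10.20.0.0/24` is the only network approved to reach `/ONVIF`; the function name, the allowlist and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: common/combined-format access log from a proxy in front of the cameras.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" '
                    r'(?P<status>\d{3}) (?P<size>\d+|-)')
# Assumption: the only network that should reach /ONVIF (e.g. the NVR VLAN).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def onvif_hits_from_unapproved_sources(lines, allowed=ALLOWED_NETS):
    """Map each unapproved source IP to its /ONVIF request counts.
    'served' counts 2xx responses, i.e. the device returned data to that source."""
    report = defaultdict(lambda: {"served": 0, "refused": 0, "bytes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a line in the assumed format
        # Normalise encoding and case so variant spellings of the path still match.
        path = unquote(m["path"]).split("?", 1)[0].lower()
        if path != "/onvif" and not path.startswith("/onvif/"):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if any(src in net for net in allowed):
            continue  # expected ONVIF client
        entry = report[str(src)]
        if m["status"].startswith("2"):
            entry["served"] += 1
            entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        else:
            entry["refused"] += 1
    return dict(report)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [12/Mar/2026:09:00:01 +0000] "POST /ONVIF HTTP/1.1" 200 1840',
    '203.0.113.44 - - [12/Mar/2026:09:02:13 +0000] "GET /ONVIF HTTP/1.1" 200 48211',
    '203.0.113.44 - - [12/Mar/2026:09:02:14 +0000] "GET /onvif HTTP/1.1" 200 48350',
    '198.51.100.7 - - [12/Mar/2026:09:05:40 +0000] "GET /ONVIF HTTP/1.1" 403 153',
    '198.51.100.7 - - [12/Mar/2026:09:05:41 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for src, stats in onvif_hits_from_unapproved_sources(SAMPLE_LOG).items():
        print(src, stats)
```

A source with a non-zero `served` count received data from the endpoint and warrants investigation first; `refused` entries show that an upstream control blocked the request.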
Why this matters for defenders
This vulnerability highlights the critical importance of implementing robust authentication mechanisms in IoT devices, especially those handling sensitive data like video feeds. Defenders must ensure that all endpoints are secured against unauthorized access to prevent potential breaches.
What remains unclear
While the technical details of the vulnerability have been disclosed, specific information about affected versions and patches is not yet available. Organizations should stay updated with Brickcom's advisories for further guidance on mitigating this risk.
Defender guidance
- Patch Management: Immediately apply any updates or patches released by Brickcom to address CVE-2026-50245.
- Network Segmentation: Isolate control system networks from business networks using firewalls and other security measures.
- Access Control: Implement strict access controls and authentication mechanisms for all endpoints, especially those handling sensitive data.
- Monitoring: Continuously monitor network traffic for unusual patterns or unauthorized access attempts to the `/ONVIF` endpoint.
- Incident Response: Establish and follow a robust incident response plan to quickly address any potential exploitation of this vulnerability.
By following these specific steps, defenders can significantly reduce the risk posed by this high-severity vulnerability in Brickcom's Cube cameras.
