Skip to main content

Genetec Security Center CVE-2026-55727

| EUVDEUVD-2026-41923 HIGH
Improper Authentication (CWE-287)
2026-07-06 Genetec GHSA-3hmc-px3x-2cjr
7.5
CVSS 3.1 · Vendor: Genetec
Share

Severity by source

Vendor (Genetec) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Unauthenticated network request retrieves live video (AV:N/PR:N/UI:N, C:H); no integrity or availability impact and no scope change, so I:N/A:N/S:U.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Genetec).

CVSS VectorVendor: Genetec

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jul 06, 2026 - 22:02 EUVD
Analysis Generated
Jul 06, 2026 - 21:03 vuln.today

DescriptionCVE.org

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams.

AnalysisAI

Unauthenticated video stream access in Genetec Security Center 5.14.0.0 (builds prior to 5.14.178.18) lets remote attackers pull live video feeds by exploiting a flaw in the authentication mechanism that guards video stream requests. Because the CVSS vector is AV:N/PR:N/UI:N, no credentials or user interaction are needed, and the CWE-287 root cause means the stream endpoint fails to properly verify the requester's identity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach video stream service on network
Exploit
Send video stream request bypassing auth check
Execution
Server returns unvalidated live feed
Impact
View live camera streams

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the live video retrieval / stream service of a Genetec Security Center 5.14.0.0 deployment on a build earlier than 5.14.178.18; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication and no user interaction are needed, so an attacker who can reach the streaming endpoint can request feeds directly. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are partially available and moderately consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the Security Center video services sends a crafted video stream request that omits or spoofs the expected authentication step, and the server returns a live feed without validating the requester's identity. Because no credentials or user interaction are required (AV:N/PR:N/UI:N), an insider on the security VLAN - or anyone who can reach the streaming port through a misconfigured firewall - could silently watch camera feeds. …
Remediation Upgrade Genetec Security Center 5.14.0.0 to build 5.14.178.18 or later, which is the vendor-fixed build (Vendor-released patch: 5.14.178.18); consult the Genetec advisory at https://resources.genetec.com/security-advisories/vulnerability-affecting-live-video-retrieval-in-security-center-5-14-0-0 for the exact download and any build-specific guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all Genetec Security Center deployments to identify vulnerable builds (5.14.0.0 through 5.14.178.17); immediately restrict network access to video stream endpoints to trusted administrative networks only via firewall rules. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55727 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy