Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Unauthenticated HTTP GET to a network-reachable /ONVIF endpoint (AV:N, AC:L, PR:N, UI:N) discloses live surveillance imagery (C:H) without affecting integrity or availability.
Primary rating from Vendor (icscert).
Description (source: CVE.org)
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
Analysis (AI-generated)
Unauthenticated snapshot disclosure in Brickcom Cube, Dome, Bullet, and Box IP cameras lets anyone reachable on the camera's /ONVIF endpoint retrieve still images from the live video feed without credentials. The flaw, reported through CISA ICS-CERT (ICSA-26-162-03) and tagged as an authentication bypass, is a classic CWE-306 missing-authentication issue affecting devices typically deployed in physical-security and OT environments. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires only HTTP reachability to the camera's /ONVIF endpoint on an affected Brickcom Cube, Dome, Bullet, or Box model: no credentials, no user interaction, and no special configuration on the camera, since the missing authentication is the default behavior of the vulnerable firmware. … |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:L/AC:L/PR:N/UI:N, VC:H, SC:H/SI:H) yields 8.3 and emphasizes high confidentiality impact plus a subsequent-system confidentiality and integrity effect, consistent with surveillance footage feeding into broader monitoring/VMS infrastructure. … |
| Exploit Scenario | An attacker on the same network segment as the camera (or on the internet, if the camera is exposed) sends an unauthenticated HTTP request to the camera's /ONVIF snapshot URI and receives a current JPEG of the camera's field of view; repeating the request effectively reconstructs a low-frame-rate video feed. In a physical-security context this enables pre-attack reconnaissance of staffing patterns, access points, or sensitive areas; in an OT context it can leak views of control rooms or industrial processes. … |
| Remediation | No vendor-released patch version is identified in the provided input. Review Brickcom's advisory page (https://www.brickcom.com/case/) and CISA ICSA-26-162-03 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03) for the current firmware release covering this issue and upgrade affected Cube/Dome/Bullet/Box units accordingly. … |
Recommended Action (AI-generated)
24 hours: Catalog all Brickcom camera deployments by model, document network IP addresses and ONVIF endpoint accessibility, and assess whether cameras are reachable from untrusted networks. …
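To check the "ONVIF endpoint accessibility" step above after an inventory or a firmware upgrade, here is an added audit helper (not Brickcom, CISA or vuln.today code) that sends a single unauthenticated GET to a camera's /ONVIF path and reports whether the device hands back an image or demands credentials. The advisory text does not give the exact snapshot URI, so `ONVIF_PATH` is an assumed placeholder, and the mock camera is constructed purely so the check runs offline.

```python
"""Verify that a camera's /ONVIF endpoint rejects unauthenticated snapshot requests.
Added audit example; ONVIF_PATH is a placeholder for the device's real snapshot URI."""
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

ONVIF_PATH = "/ONVIF"  # assumed placeholder: set to the real snapshot path per deployment


def check_onvif_auth(base_url: str, timeout: float = 3.0) -> str:
    """'exposed'   -> unauthenticated GET returned image bytes (vulnerable behaviour)
       'protected' -> camera answered 401/403 (credentials enforced)
       'other:<n>' -> anything else, e.g. 404 when the path is wrong for this model"""
    req = Request(base_url.rstrip("/") + ONVIF_PATH, headers={"User-Agent": "onvif-audit"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            ctype = resp.headers.get("Content-Type", "")
            if resp.status == 200 and ctype.startswith("image/"):
                return "exposed"
            return f"other:{resp.status}"
    except HTTPError as err:
        return "protected" if err.code in (401, 403) else f"other:{err.code}"


class _MockCamera(BaseHTTPRequestHandler):
    """Constructed stand-in for a camera; require_auth=False mimics the vulnerable firmware."""
    require_auth = False

    def do_GET(self):
        if self.path != ONVIF_PATH:
            self.send_error(404)
            return
        if self.require_auth and "Authorization" not in self.headers:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Digest realm="camera"')
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "image/jpeg")
        self.end_headers()
        self.wfile.write(b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9")  # minimal JPEG-like body

    def log_message(self, *args):  # keep the audit output quiet
        pass


def start_mock(require_auth: bool) -> str:
    """Start a mock camera on a free loopback port and return its base URL."""
    handler = type("MockHandler", (_MockCamera,), {"require_auth": require_auth})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


if __name__ == "__main__":
    for label, auth in (("vulnerable firmware", False), ("credentials enforced", True)):
        print(f"{label}: {check_onvif_auth(start_mock(auth))}")
```

Run it against the inventory from the cataloguing step by calling `check_onvif_auth` with each camera's base URL; any result of `exposed` on a camera reachable from an untrusted network is the condition the advisory describes.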
Related identifiers: EUVD-2026-36309, GHSA-p643-w432-6q35