
Dome

2 CVEs product


CVE-2026-50005 HIGH CISA Act Now

Factory-shipped default credentials (CWE-1392) allow unauthorized camera feed access on the Brickcom Cube, Dome, Bullet, and Box IP camera product lines. Any attacker who can reach the camera's management interface can authenticate with the known default account and silently view live video. No public exploit was identified at time of analysis, though the issue is trivial enough that weaponization requires no specialized tooling. CISA ICS-CERT issued advisory ICSA-26-162-03 covering the issue.

Information Disclosure Cube Dome Bullet Box
NVD GitHub
CVSS 4.0: 8.3
EPSS: 0.0%
CVE-2026-50245 HIGH CISA Act Now

Unauthenticated snapshot disclosure in Brickcom Cube, Dome, Bullet, and Box IP cameras lets anyone who can reach the camera's /ONVIF endpoint retrieve still images from the live video feed without credentials. The flaw, reported through CISA ICS-CERT (ICSA-26-162-03) and tagged as an authentication bypass, is a classic CWE-306 missing-authentication issue affecting devices typically deployed in physical-security and OT environments. No public exploit was identified at time of analysis, but exploitation is trivial once the endpoint is reachable.

Authentication Bypass Cube Dome Bullet Box
NVD GitHub
CVSS 4.0: 8.3
EPSS: 0.0%
