CISA Bulletin: Brickcom Cameras Pre-Auth Default Credentials (CVE-2026-50245/50005)

Vulnerability Overview Vulnerability Name: Brickcom Cameras Publication Date: June 11, 2026 Alert Code: ICSA-26-162-03 Related Topics: Industrial Control Systems Vulnerabilities, Industrial Control Systems Impact Scope Affected Versions: - Brickcom Cube 3.2.3.5.6 - Brickcom Dome 3.2.3.5.6 - Brickcom Bullet 3.2.3.5.6 - Brickcom Box 3.2.3.5.6 CVSS Score: v3.7.7 Vendor: Brickcom Device: Brickcom Cameras Vulnerability Type: - Critical function lacks authentication - Use of default credentials Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Financial Services, Healthcare and Public Health Deployment Countries/Regions: Global Company Headquarters Location: Taiwan Remediation Recommended Practices: - Minimize network exposure to ensure all control system devices and systems are not accessible from the internet. - Place control system networks and remote devices behind firewalls and isolate them from business networks. - When remote access is required, use more secure methods such as Virtual Private Networks (VPNs), and ensure VPNs are updated to the latest version. - Conduct appropriate impact analysis and risk assessment before deploying mitigations. - Implement recommended cybersecurity strategies to proactively defend ICS assets. - Follow internal procedures to report suspicious malicious activity. - Do not click links or open attachments in unsolicited emails. - Refer to resources on avoiding email fraud and social engineering attacks. Vulnerability Details CVE-2026-50245 CVE-2026-50005 Acknowledgements CISA identified the PoC (Proof of Concept) authored by parsa rezaie khabianloo. Revision History Initial Publication Date: June 11, 2026 Revision: 1 Summary: Initial Release Tags Sectors: Commercial Facilities Sector, Critical Manufacturing Sector, Financial Services Sector, Healthcare and Public Health Sector Topics: Industrial Control Systems Vulnerabilities, Industrial Control Systems Related Advisories Naxclow IoT Platform Yarbo Android/iOS Mobile Application and Cloud Infrastructure Schneider Electric EcoStruxure Panel Server Siemens KACO Blueplanet Inverters Legal Notice and Terms of Use This product is subject to this notice and the Privacy and Use Policy. Share Your Thoughts We recently updated our anonymous product survey and welcome your feedback. Back to Top Topics, Highlights, Resources & Tools, News & Events, Careers, About CISA Central 1-844-Say-CISA contact@cisa.dhs.gov CISA.gov The official website of the U.S. Department of Homeland Security About CISA Budget and Performance DHS.gov FOIA Requests No FEAR Act Office of Inspector General Privacy Policy Subscribe White House USA.gov Website Feedback Summary This page primarily introduces vulnerability information for Brickcom Cameras, including affected versions, vulnerability types, and recommended remediation measures. The page also provides related legal notices, terms of use, revision history, tags, and related advisories.

Goal Reached Thanks to every supporter — we hit 100%!

CISA Bulletin: Brickcom Cameras Pre-Auth Default Credentials (CVE-2026-50245/50005)