Brickcom surveillance products use firmware that contain multiple vulnerabilities that a remote attacker may leverage to gain access to sensitive information, elevate privileges, or perform cross-site request forgery attacks.
Brickcom FB-100Ap, WCB-100Apm, MD-100Apm, WFB-100Ap, OB-100AE, OSD-040e, with firmware versions v220.127.116.11, v18.104.22.168, v22.214.171.124C1, v126.96.36.199, v188.8.131.52. Older versions of the firmwares may be affected.
Elevation of Privilege
An attacker may be able to view and modify information that is supposed to only be available to an administrator user. An attacker can use this to gain access to the device with elevated privileges.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 19754 - Brickcom Network Cameras Multiple Vulnerabilities (Zero-Day)
No mitigations currently available.