Brickcom IP cameras (version 3.2.3.5.6) contain two high-severity vulnerabilities (CVE-2026-50245 and CVE-2026-50005) involving missing authentication on the /ONVIF endpoint and the use of default credentials. Successful exploitation allows attackers with local network access to view live video feeds and potentially gain administrative control. The vendor has not responded to coordination requests, leaving the devices currently unpatched.