Summary
Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to sensitive device data, bypass surveillance controls, and expose facilities to privacy breaches, operational risks, and regulatory compliance issues.
The following versions of Pelco, Inc. Sarix Pro 3 Series IP Cameras are affected:
- Sarix Professional IMP 3 Series <=02.52 (CVE-2026-1241)
- Sarix Professional IXP 3 Series <=02.52 (CVE-2026-1241)
- Sarix Professional IBP 3 Series <=02.52 (CVE-2026-1241)
- Sarix Professional IWP 3 Series <=02.52 (CVE-2026-1241)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.5 | Pelco, Inc. | Pelco, Inc. Sarix Pro 3 Series IP Cameras | Authentication Bypass Using an Alternate Path or Channel |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Defense Industrial Base, Energy, Government Services and Facilities, Healthcare and Public Health, Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2026-1241
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
Affected Products
- Product: Pelco, Inc. Sarix Pro 3 Series IP Cameras
- Vendor: Pelco, Inc.
- Product Version: Pelco, Inc. Sarix Professional IMP 3 Series: <=02.52, Pelco, Inc. Sarix Professional IXP 3 Series: <=02.52, Pelco, Inc. Sarix Professional IBP 3 Series: <=02.52, Pelco, Inc. Sarix Professional IWP 3 Series: <=02.52
- Product Status: known_affected
Remediations
Mitigation
Pelco, Inc. recommends that all Sarix Professional 3 Series Camera users update their camera firmware to version 02.53 or later. Installing the latest firmware ensures your device receives the most up-to-date bug fixes and critical security enhancements.
Mitigation
For more information or assistance, visit Pelco, Inc.'s technical support page (https://www.pelco.com/support).
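To act on the remediation above, an asset inventory can be triaged against the affected range (<=02.52) and the fixed release (02.53). The following is an added example, not part of the advisory or any Pelco tooling; the CSV column names, hostnames, model strings, and the assumption that a model string starts with its series prefix are all constructed for illustration.

```python
import csv
import io
import re

# From the advisory: affected series prefixes and the first fixed firmware.
AFFECTED_SERIES = ("IMP", "IXP", "IBP", "IWP")
FIXED_VERSION = (2, 53)  # 02.53 or later is fixed; <=02.52 is affected

# Constructed sample inventory (all values below are made up).
SAMPLE_INVENTORY = """host,model,firmware
cam-lobby-01,IMP-sample-A,02.52
cam-dock-02,IXP-sample-B,02.53
cam-gate-03,IBP-sample-C,2.49.7
cam-roof-04,IWP-sample-D,02.53.1-b12
cam-lab-05,IBP-sample-E,unknown
cam-yard-06,OtherVendor-X1,01.00
"""

def parse_version(text):
    """Return the leading dotted numeric fields as a tuple of ints, or None."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)+)", text, re.IGNORECASE)
    if not m:
        return None
    # int() drops zero padding, so "02.52" and "2.52" compare equal.
    return tuple(int(part) for part in m.group(1).split("."))

def classify(model, firmware):
    # Assumption: the series prefix alone identifies an in-scope camera.
    # A prefix match can over-include, so confirm "3 Series" per device.
    if not model.upper().startswith(AFFECTED_SERIES):
        return "out-of-scope"
    version = parse_version(firmware)
    if version is None:
        return "review"  # in-scope model, unreadable firmware: check by hand
    return "affected" if version < FIXED_VERSION else "fixed"

def triage(inventory_csv):
    """Map each host in the CSV text to its advisory status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as "review" have an in-scope model prefix but an unparseable firmware string, so they should be checked on the device rather than assumed fixed.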
Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Acknowledgments
- Souvik Kandar reported this vulnerability to CISA
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
- Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- When remote access is required, use more secure methods, such
[…]