CVE-2025-35451

CRITICAL · CVSS 4.0: 9.3 · EPSS 49.3%
Published Sep 5, 2025 (9mo ago) · Modified Jun 17, 2026 (1w ago)

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

CVSS Details

Base Score: 9.3
Exploitability
Impact
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
49.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-798: Use of Hard-coded Credentials (Authentication)

Affected Products 102

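| Vendor | Product | Version | Range |
|---|---|---|---|
| ptzoptics | pt12x-sdi-xx-g2_firmware | * | ≤6.3.34 |
| ptzoptics | pt12x-sdi-xx-g2 | * | any |
| ptzoptics | pt12x-ndi-xx_firmware | * | ≤6.3.34 |
| ptzoptics | pt12x-ndi-xx | * | any |
| ptzoptics | pt12x-usb-xx-g2_firmware | * | ≤6.2.81 |
| ptzoptics | pt12x-usb-xx-g2 | * | any |
| ptzoptics | pt20x-sdi-xx-g2_firmware | * | ≤6.3.20 |
| ptzoptics | pt20x-sdi-xx-g2 | * | any |
| ptzoptics | pt20x-ndi-xx_firmware | * | ≤6.3.20 |
| ptzoptics | pt20x-ndi-xx | * | any |
| ptzoptics | pt20x-usb-xx-g2_firmware | * | ≤6.2.73 |
| ptzoptics | pt20x-usb-xx-g2 | * | any |
| ptzoptics | pt30x-sdi-xx-g2_firmware | * | ≤6.3.30 |
| ptzoptics | pt30x-sdi-xx-g2 | * | any |
| ptzoptics | pt30x-ndi-xx_firmware | * | ≤6.3.30 |
| ptzoptics | pt30x-ndi-xx | * | any |
| ptzoptics | pt12x-zcam_firmware | * | ≤7.2.76 |
| ptzoptics | pt12x-zcam | * | any |
| ptzoptics | pt20x-zcam_firmware | * | ≤7.2.82 |
| ptzoptics | pt20x-zcam | * | any |
| ptzoptics | ptvl-zcam_firmware | * | ≤7.2.79 |
| ptzoptics | ptvl-zcam | * | any |
| ptzoptics | pteptz-zcam-g2_firmware | * | ≤8.1.81 |
| ptzoptics | pteptz-zcam-g2 | * | any |
| ptzoptics | pteptz-ndi-zcam-g2_firmware | * | ≤8.1.81 |
| ptzoptics | pteptz-ndi-zcam-g2 | * | any |
| ptzoptics | vl_fixed_camera_firmware | * | ≤7.2.94 |
| ptzoptics | vl_fixed_camera | * | any |
| ptzoptics | ndi_fixed_camera_firmware | * | ≤7.2.94 |
| ptzoptics | ndi_fixed_camera | * | any |
| multicam-systems | mcamii_ptz_firmware | * | any |
| multicam-systems | mcamii_ptz | * | any |
| smtav | ba30s_firmware | * | any |
| smtav | ba30s | * | any |
| smtav | ba20s_firmware | * | any |
| smtav | ba20s | * | any |
| smtav | bv20s_firmware | * | any |
| smtav | bv20s | * | any |
| smtav | bx30s_firmware | * | any |
| smtav | bx30s | * | any |
| smtav | bx20n_firmware | * | any |
| smtav | bx20n | * | any |
| smtav | bx20uhd-n_firmware | * | any |
| smtav | bx20uhd-n | * | any |
| smtav | bx20uhd_firmware | * | any |
| smtav | bx20uhd | * | any |
| smtav | ba30-n_firmware | * | any |
| smtav | ba30-n | * | any |
| smtav | ba20-n_firmware | * | any |
| smtav | ba20-n | * | any |
| smtav | ba12-n_firmware | * | any |
| smtav | ba12-n | * | any |
| smtav | hd17h-n_firmware | * | any |
| smtav | hd17h-n | * | any |
| smtav | bx20s-sh_firmware | * | any |
| smtav | bx20s-sh | * | any |
| smtav | hd17h_firmware | * | any |
| smtav | hd17h | * | any |
| smtav | bv30s_firmware | * | any |
| smtav | bv30s | * | any |
| smtav | ba12s_firmware | * | any |
| smtav | ba12s | * | any |
| valuehd | vx90_firmware | * | any |
| valuehd | vx90 | * | any |
| valuehd | vx720l_firmware | * | any |
| valuehd | vx720l | * | any |
| valuehd | vx752ag_firmware | * | any |
| valuehd | vx752ag | * | any |
| valuehd | vx752a_firmware | * | any |
| valuehd | vx752a | * | any |
| valuehd | vx751ba_firmware | * | any |
| valuehd | vx751ba | * | any |
| valuehd | vx630al_firmware | * | any |
| valuehd | vx630al | * | any |
| valuehd | vx61asl_firmware | * | any |
| valuehd | vx61asl | * | any |
| valuehd | vx61basl_firmware | * | any |
| valuehd | vx61basl | * | any |
| valuehd | vx60asl_firmware | * | any |
| valuehd | vx60asl | * | any |
| valuehd | vx61al_firmware | * | any |
| valuehd | vx61al | * | any |
| valuehd | vx60al_firmware | * | any |
| valuehd | vx60al | * | any |
| valuehd | vx701ra_firmware | * | any |
| valuehd | vx701ra | * | any |
| valuehd | vx701ta_firmware | * | any |
| valuehd | vx701ta | * | any |
| valuehd | vx800i2_firmware | * | any |
| valuehd | vx800i2 | * | any |
| valuehd | v61w_firmware | * | any |
| valuehd | v61w | * | any |
| valuehd | v63xl_firmware | * | any |
| valuehd | v63xl | * | any |
| valuehd | v60xl_firmware | * | any |
| valuehd | v60xl | * | any |
| valuehd | vx70uvs_firmware | * | any |
| valuehd | vx70uvs | * | any |
| valuehd | vx71uvs_firmware | * | any |
| valuehd | vx71uvs | * | any |
| valuehd | v71uvs_firmware | * | any |
| valuehd | v71uvs | * | any |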

References 5

  • github.com https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
    Third Party Advisory, US Government Resource
  • cve.org https://www.cve.org/CVERecord?id=CVE-2025-35451
    Third Party Advisory
  • greynoise.io https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
    Third Party Advisory
  • labs.greynoise.io https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.