CVE-2025-35452

CRITICAL EPSS 51.8%
Published Sep 5, 2025 (9mo ago) · Modified Jun 17, 2026 (2w ago)
9.2 CVSS 4.0
Critical

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

CVSS Details

Base Score 9.2
Exploitability
Impact
Vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
51.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-1392
CWE-798 Use of Hard-coded Credentials · Authentication

Affected Products 122

Vendor  Product  Version  Range
ptzoptics  pt12x-sdi-xx-g2_firmware  *  any
ptzoptics  pt12x-sdi-xx-g2  *  any
ptzoptics  pt12x-ndi-xx_firmware  *  any
ptzoptics  pt12x-ndi-xx  *  any
ptzoptics  pt12x-usb-xx-g2_firmware  *  any
ptzoptics  pt12x-usb-xx-g2  *  any
ptzoptics  pt20x-sdi-xx-g2_firmware  *  any
ptzoptics  pt20x-sdi-xx-g2  *  any
ptzoptics  t20x-ndi-xx_firmware  *  any
ptzoptics  t20x-ndi-xx  *  any
ptzoptics  pt20x-usb-xx-g2_firmware  *  any
ptzoptics  pt20x-usb-xx-g2  *  any
ptzoptics  pt30x-sdi-xx-g2_firmware  *  any
ptzoptics  pt30x-sdi-xx-g2  *  any
ptzoptics  pt30x-ndi-xx_firmware  *  any
ptzoptics  pt30x-ndi-xx  *  any
ptzoptics  pt12x-zcam_firmware  *  any
ptzoptics  pt12x-zcam  *  any
ptzoptics  pt20x-zcam_firmware  *  any
ptzoptics  pt20x-zcam  *  any
ptzoptics  ptvl-zcam_firmware  *  any
ptzoptics  ptvl-zcam  *  any
ptzoptics  pteptz-zcam-g2_firmware  *  any
ptzoptics  pteptz-zcam-g2  *  any
ptzoptics  pteptz-ndi-zcam-g2  *  any
ptzoptics  pteptz-ndi-zcam-g2  *  any
ptzoptics  pt12x-4k-xx-g3_firmware  *  ≤0.0.58
ptzoptics  pt12x-4k-xx-g3  *  any
ptzoptics  pt20x-4k-xx-g3_firmware  *  ≤0.0.85
ptzoptics  pt20x-4k-xx-g3  *  any
ptzoptics  pt30x-4k-xx-g3_firmware  *  ≤2.0.64
ptzoptics  pt30x-4k-xx-g3  *  any
ptzoptics  pt12x-link-4k-xx_firmware  *  ≤0.0.63
ptzoptics  pt12x-link-4k-xx  *  any
ptzoptics  pt20x-link-4k-xx_firmware  *  ≤0.0.89
ptzoptics  pt20x-link-4k-xx  *  any
ptzoptics  pt30x-link-4k-xx_firmware  *  ≤2.0.71
ptzoptics  pt30x-link-4k-xx  *  any
ptzoptics  pt12x-se-xx-g3_firmware  *  ≤9.1.43
ptzoptics  pt12x-se-xx-g3  *  any
ptzoptics  pt20x-se-xx-g3_firmware  *  ≤9.1.32
ptzoptics  pt20x-se-xx-g3  *  any
ptzoptics  pt30x-se-xx-g3_firmware  *  ≤9.1.33
ptzoptics  pt30x-se-xx-g3  *  any
ptzoptics  pt-studiopro_firmware  *  ≤9.0.41
ptzoptics  pt-studiopro  *  any
ptzoptics  vl_fixed_camera_firmware  *  ≤7.2.94
ptzoptics  vl_fixed_camera  *  any
ptzoptics  ndi_fixed_camera_firmware  *  ≤7.2.94
ptzoptics  ndi_fixed_camera  *  any
multicam-systems  mcamii_ptz_firmware  *  any
multicam-systems  mcamii_ptz  *  any
smtav  ba30s_firmware  *  any
smtav  ba30s  *  any
smtav  ba20s_firmware  *  any
smtav  ba20s  *  any
smtav  bv20s_firmware  *  any
smtav  bv20s  *  any
smtav  bx30s_firmware  *  any
smtav  bx30s  *  any
smtav  bx20n_firmware  *  any
smtav  bx20n  *  any
smtav  bx20uhd-n_firmware  *  any
smtav  bx20uhd-n  *  any
smtav  bx20uhd_firmware  *  any
smtav  bx20uhd  *  any
smtav  ba30-n_firmware  *  any
smtav  ba30-n  *  any
smtav  ba20-n_firmware  *  any
smtav  ba20-n  *  any
smtav  ba12-n_firmware  *  any
smtav  ba12-n  *  any
smtav  hd17h-n_firmware  *  any
smtav  hd17h-n  *  any
smtav  bx20s-sh_firmware  *  any
smtav  bx20s-sh  *  any
smtav  hd17h_firmware  *  any
smtav  hd17h  *  any
smtav  bv30s_firmware  *  any
smtav  bv30s  *  any
smtav  ba12s_firmware  *  any
smtav  ba12s  *  any
valuehd  vx90_firmware  *  any
valuehd  vx90  *  any
valuehd  vx720l_firmware  *  any
valuehd  vx720l  *  any
valuehd  vx752ag_firmware  *  any
valuehd  vx752ag  *  any
valuehd  vx752a_firmware  *  any
valuehd  vx752a  *  any
valuehd  vx751ba_firmware  *  any
valuehd  vx751ba  *  any
valuehd  vx630al_firmware  *  any
valuehd  vx630al  *  any
valuehd  vx61asl_firmware  *  any
valuehd  vx61asl  *  any
valuehd  vx61basl_firmware  *  any
valuehd  vx61basl  *  any
valuehd  vx60asl_firmware  *  any
valuehd  vx60asl  *  any
valuehd  vx61al_firmware  *  any
valuehd  vx61al  *  any
valuehd  vx60al_firmware  *  any
valuehd  vx60al  *  any
valuehd  vx701ra_firmware  *  any
valuehd  vx701ra  *  any
valuehd  vx701ta_firmware  *  any
valuehd  vx701ta  *  any
valuehd  vx800i2_firmware  *  any
valuehd  vx800i2  *  any
valuehd  v61w_firmware  *  any
valuehd  v61w  *  any
valuehd  v63xl_firmware  *  any
valuehd  v63xl  *  any
valuehd  v60xl_firmware  *  any
valuehd  v60xl  *  any
valuehd  vx70uvs_firmware  *  any
valuehd  vx70uvs  *  any
valuehd  vx71uvs_firmware  *  any
valuehd  vx71uvs  *  any
valuehd  v71uvs_firmware  *  any
valuehd  v71uvs  *  any

References 5

  • github.com https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
    Patch
  • cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
    Third Party Advisory, US Government Resource
  • cve.org https://www.cve.org/CVERecord?id=CVE-2025-35452
    Third Party Advisory
  • greynoise.io https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
    Third Party Advisory
  • labs.greynoise.io https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
    Patch