CVE-2025-35451
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PTZOptics | PT12X-SE-xx-G3 | 0 < 9.1.43 | affected |
| PTZOptics | PT12X-SE-xx-G3 | 9.1.43 | unaffected |
| PTZOptics | PT12X-LINK-4K-xx | 0 < 0.0.63 | affected |
| PTZOptics | PT12X-LINK-4K-xx | 0.0.63 | unaffected |
| PTZOptics | PT20X-SE-xx-G3 | 0 < 9.1.32 | affected |
| PTZOptics | PT20X-SE-xx-G3 | 9.1.32 | unaffected |
| PTZOptics | PT20X-LINK-4K-xx | 0 < 0.0.89 | affected |
| PTZOptics | PT20X-LINK-4K-xx | 0.0.89 | unaffected |
| PTZOptics | PT-STUDIOPRO | 0 < 9.0.41 | affected |
| PTZOptics | PT-STUDIOPRO | 9.0.41 | unaffected |
| PTZOptics | PT30X-SE-xx-G3 | 0 < 9.1.33 | affected |
| PTZOptics | PT30X-SE-xx-G3 | 9.1.33 | unaffected |
| PTZOptics | PT30X-LINK-4K-xx | 0 < 2.0.71 | affected |
| PTZOptics | PT30X-LINK-4K-xx | 2.0.71 | unaffected |
| PTZOptics | PT12X-STUDIO-4K-xx-G3 | 0 < 8.1.90 | affected |
| PTZOptics | PT12X-STUDIO-4K-xx-G3 | 8.1.90 | unaffected |
| PTZOptics | PT20X-STUDIO-4K-xx-G3 | 0 < 8.1.90 | affected |
| PTZOptics | PT20X-STUDIO-4K-xx-G3 | 8.1.90 | unaffected |
| PTZOptics | PT12X-SDI/NDI-xx | 0 < 6.3.70 | affected |
| PTZOptics | PT12X-SDI/NDI-xx | 6.3.70 | unaffected |
| PTZOptics | PT12X-USB-xx | 0 < 6.2.88 | affected |
| PTZOptics | PT12X-USB-xx | 6.2.88 | unaffected |
| PTZOptics | PT20X-SDI/NDI-xx | 0 < 6.3.27 | affected |
| PTZOptics | PT20X-SDI/NDI-xx | 6.3.27 | unaffected |
| SMTAV | Pan-Tilt-Zoom Cameras | * | affected |
| PTZOptics | PT30X-SDI/NDI-xx | 0 < 6.3.43 | affected |
| PTZOptics | PT30X-SDI/NDI-xx | 6.3.43 | unaffected |
| multiCAM Systems | Pan-Tilt-Zoom Cameras | * | affected |
| PTZOptics | VL Fixed Camera/NDI Fixed Camera | 0 < 7.2.94 | affected |
| PTZOptics | VL Fixed Camera/NDI Fixed Camera | 7.2.94 | unaffected |
| PTZOptics | 12x Fixed Camera/NDI Fixed Camera | 0 < 7.2.85 | affected |
| PTZOptics | 12x Fixed Camera/NDI Fixed Camera | 7.2.85 | unaffected |
| PTZOptics | 20x Fixed Camera/NDI Fixed Camera | 0 < 7.2.94 | affected |
| PTZOptics | 20x Fixed Camera/NDI Fixed Camera | 7.2.94 | unaffected |
| PTZOptics | EPTZ Fixed Camera/NDI Fixed Camera | 0 < 8.1.89 | affected |
| PTZOptics | EPTZ Fixed Camera/NDI Fixed Camera | 8.1.89 | unaffected |
| PTZOptics | HC-EPTZ-NDI | 0 < 8.2.14 | affected |
| PTZOptics | HC-EPTZ-NDI | 8.2.14 | unaffected |
| PTZOptics | PT12X-4K-xx-G3 | 0 < 0.0.58 | affected |
| PTZOptics | PT12X-4K-xx-G3 | 0.0.58 | unaffected |
| PTZOptics | PT20X-4K-xx-G3 | 0 < 0.0.85 | affected |
| PTZOptics | PT20X-4K-xx-G3 | 0.0.85 | unaffected |
| PTZOptics | PT20X-USB-xx | 0 < 6.2.81 | affected |
| PTZOptics | PT20X-USB-xx | 6.2.81 | unaffected |
| PTZOptics | PT30X-4K-xx-G3 | 0 < 2.0.64 | affected |
| PTZOptics | PT30X-4K-xx-G3 | 2.0.64 | unaffected |
| ValueHD | Pan-Tilt-Zoom Cameras | * | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
- https://www.cve.org/CVERecord?id=CVE-2025-35451
- https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
- https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.