CVE-2025-35451

Summary

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

Affected Software

VendorProductVersion RangeStatus
PTZOpticsPT12X-SE-xx-G30 < 9.1.43affected
PTZOpticsPT12X-SE-xx-G39.1.43unaffected
PTZOpticsPT12X-LINK-4K-xx0 < 0.0.63affected
PTZOpticsPT12X-LINK-4K-xx0.0.63unaffected
PTZOpticsPT20X-SE-xx-G30 < 9.1.32affected
PTZOpticsPT20X-SE-xx-G39.1.32unaffected
PTZOpticsPT20X-LINK-4K-xx0 < 0.0.89affected
PTZOpticsPT20X-LINK-4K-xx0.0.89unaffected
PTZOpticsPT-STUDIOPRO0 < 9.0.41affected
PTZOpticsPT-STUDIOPRO9.0.41unaffected
PTZOpticsPT30X-SE-xx-G30 < 9.1.33affected
PTZOpticsPT30X-SE-xx-G39.1.33unaffected
PTZOpticsPT30X-LINK-4K-xx0 < 2.0.71affected
PTZOpticsPT30X-LINK-4K-xx2.0.71unaffected
PTZOpticsPT12X-STUDIO-4K-xx-G30 < 8.1.90affected
PTZOpticsPT12X-STUDIO-4K-xx-G38.1.90unaffected
PTZOpticsPT20X-STUDIO-4K-xx-G30 < 8.1.90affected
PTZOpticsPT20X-STUDIO-4K-xx-G38.1.90unaffected
PTZOpticsPT12X-SDI/NDI-xx0 < 6.3.70affected
PTZOpticsPT12X-SDI/NDI-xx6.3.70unaffected
PTZOpticsPT12X-USB-xx0 < 6.2.88affected
PTZOpticsPT12X-USB-xx6.2.88unaffected
PTZOpticsPT20X-SDI/NDI-xx0 < 6.3.27affected
PTZOpticsPT20X-SDI/NDI-xx6.3.27unaffected
SMTAVPan-Tilt-Zoom Cameras*affected
PTZOpticsPT30X-SDI/NDI-xx0 < 6.3.43affected
PTZOpticsPT30X-SDI/NDI-xx6.3.43unaffected
multiCAM SystemsPan-Tilt-Zoom Cameras*affected
PTZOpticsVL Fixed Camera/NDI Fixed Camera0 < 7.2.94affected
PTZOpticsVL Fixed Camera/NDI Fixed Camera7.2.94unaffected
PTZOptics12x Fixed Camera/NDI Fixed Camera0 < 7.2.85affected
PTZOptics12x Fixed Camera/NDI Fixed Camera7.2.85unaffected
PTZOptics20x Fixed Camera/NDI Fixed Camera0 < 7.2.94affected
PTZOptics20x Fixed Camera/NDI Fixed Camera7.2.94unaffected
PTZOpticsEPTZ Fixed Camera/NDI Fixed Camera0 < 8.1.89affected
PTZOpticsEPTZ Fixed Camera/NDI Fixed Camera8.1.89unaffected
PTZOpticsHC-EPTZ-NDI0 < 8.2.14affected
PTZOpticsHC-EPTZ-NDI8.2.14unaffected
PTZOpticsPT12X-4K-xx-G30 < 0.0.58affected
PTZOpticsPT12X-4K-xx-G30.0.58unaffected
PTZOpticsPT20X-4K-xx-G30 < 0.0.85affected
PTZOpticsPT20X-4K-xx-G30.0.85unaffected
PTZOpticsPT20X-USB-xx0 < 6.2.81affected
PTZOpticsPT20X-USB-xx6.2.81unaffected
PTZOpticsPT30X-4K-xx-G30 < 2.0.64affected
PTZOpticsPT30X-4K-xx-G32.0.64unaffected
ValueHDPan-Tilt-Zoom Cameras*affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References