CVE-2025-35452

Summary

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

Affected Software

VendorProductVersion RangeStatus
PTZOpticsPT12X-SE-xx-G30 < 9.1.43affected
PTZOpticsPT12X-SE-xx-G39.1.43unaffected
PTZOpticsPT12X-LINK-4K-xx0 < 0.0.63affected
PTZOpticsPT12X-LINK-4K-xx0.0.63unaffected
PTZOpticsPT20X-SE-xx-G30 < 9.1.32affected
PTZOpticsPT20X-SE-xx-G39.1.32unaffected
PTZOpticsPT20X-LINK-4K-xx0 < 0.0.89affected
PTZOpticsPT20X-LINK-4K-xx0.0.89unaffected
PTZOpticsPT30X-SE-xx-G30 < 9.1.33affected
PTZOpticsPT30X-SE-xx-G39.1.33unaffected
PTZOpticsPT30X-LINK-4K-xx0 < 2.0.71affected
PTZOpticsPT30X-LINK-4K-xx2.0.71unaffected
PTZOpticsPT-STUDIOPRO0 < 9.0.41affected
PTZOpticsPT-STUDIOPRO9.0.41unaffected
PTZOpticsPT12X-STUDIO-4K-xx-G30 < 8.1.90affected
PTZOpticsPT12X-STUDIO-4K-xx-G38.1.90unaffected
PTZOpticsPT20X-STUDIO-4K-xx-G30 < 8.1.90affected
PTZOpticsPT20X-STUDIO-4K-xx-G38.1.90unaffected
PTZOpticsPT12X-SDI/NDI-xx0 < 6.3.70affected
PTZOpticsPT12X-SDI/NDI-xx6.3.70unaffected
PTZOpticsPT12X-USB-xx0 < 6.2.88affected
PTZOpticsPT12X-USB-xx6.2.88unaffected
PTZOpticsPT20X-SDI/NDI-xx0 < 6.3.27affected
PTZOpticsPT20X-SDI/NDI-xx6.3.27unaffected
SMTAVPan-Tilt-Zoom Cameras*affected
PTZOpticsPT30X-SDI/NDI-xx0 < 6.3.43affected
PTZOpticsPT30X-SDI/NDI-xx6.3.43unaffected
multiCAM SystemsPan-Tilt-Zoom Cameras*affected
PTZOpticsVL Fixed Camera/NDI Fixed Camera0 < 7.2.94affected
PTZOpticsVL Fixed Camera/NDI Fixed Camera7.2.94unaffected
PTZOptics12x Fixed Camera/NDI Fixed Camera0 < 7.2.85affected
PTZOptics12x Fixed Camera/NDI Fixed Camera7.2.85unaffected
PTZOptics20x Fixed Camera/NDI Fixed Camera0 < 7.2.94affected
PTZOptics20x Fixed Camera/NDI Fixed Camera7.2.94unaffected
PTZOpticsEPTZ Fixed Camera/NDI Fixed Camera0 < 8.1.89affected
PTZOpticsEPTZ Fixed Camera/NDI Fixed Camera8.1.89unaffected
PTZOpticsHC-EPTZ-NDI0 < 8.2.14affected
PTZOpticsHC-EPTZ-NDI8.2.14unaffected
PTZOpticsPT12X-4K-xx-G30 < 0.0.58affected
PTZOpticsPT12X-4K-xx-G30.0.58unaffected
PTZOpticsPT20X-4K-xx-G30 < 0.0.85affected
PTZOpticsPT20X-4K-xx-G30.0.85unaffected
PTZOpticsPT30X-4K-xx-G30 < 2.0.64affected
PTZOpticsPT30X-4K-xx-G32.0.64unaffected
PTZOpticsPT20X-USB-xx0 < 6.2.81affected
PTZOpticsPT20X-USB-xx6.2.81unaffected
ValueHDPan-Tilt-Zoom Cameras*affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials
  • CWE-1392: CWE-1392 Use of Default Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References