Search criteria
2 vulnerabilities by multiCAM Systems
CVE-2025-35452 (GCVE-0-2025-35452)
Vulnerability from cvelistv5 – Published: 2025-09-05 17:49 – Updated: 2025-09-08 18:07
VLAI
Title
Pan-Tilt-Zoom cameras default administrative credentials for web interface
Summary
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
Severity
9.8 (Critical)
Assigner
References
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| PTZOptics | PT12X-SE-xx-G3 |
Affected:
0 , < 9.1.43
(custom)
Unaffected: 9.1.43 |
|
| PTZOptics | PT12X-LINK-4K-xx |
Affected:
0 , < 0.0.63
(custom)
Unaffected: 0.0.63 |
|
| PTZOptics | PT20X-SE-xx-G3 |
Affected:
0 , < 9.1.32
(custom)
Unaffected: 9.1.32 |
|
| PTZOptics | PT20X-LINK-4K-xx |
Affected:
0 , < 0.0.89
(custom)
Unaffected: 0.0.89 |
|
| PTZOptics | PT30X-SE-xx-G3 |
Affected:
0 , < 9.1.33
(custom)
Unaffected: 9.1.33 |
|
| PTZOptics | PT30X-LINK-4K-xx |
Affected:
0 , < 2.0.71
(custom)
Unaffected: 2.0.71 |
|
| PTZOptics | PT-STUDIOPRO |
Affected:
0 , < 9.0.41
(custom)
Unaffected: 9.0.41 |
|
| PTZOptics | PT12X-STUDIO-4K-xx-G3 |
Affected:
0 , < 8.1.90
(custom)
Unaffected: 8.1.90 |
|
| PTZOptics | PT20X-STUDIO-4K-xx-G3 |
Affected:
0 , < 8.1.90
(custom)
Unaffected: 8.1.90 |
|
| PTZOptics | PT12X-SDI/NDI-xx |
Affected:
0 , < 6.3.70
(custom)
Unaffected: 6.3.70 |
|
| PTZOptics | PT12X-USB-xx |
Affected:
0 , < 6.2.88
(custom)
Unaffected: 6.2.88 |
|
| PTZOptics | PT20X-SDI/NDI-xx |
Affected:
0 , < 6.3.27
(custom)
Unaffected: 6.3.27 |
|
| SMTAV | Pan-Tilt-Zoom Cameras |
Affected:
*
|
|
| PTZOptics | PT30X-SDI/NDI-xx |
Affected:
0 , < 6.3.43
(custom)
Unaffected: 6.3.43 |
|
| multiCAM Systems | Pan-Tilt-Zoom Cameras |
Affected:
*
|
|
| PTZOptics | VL Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 7.2.94
(custom)
Unaffected: 7.2.94 |
|
| PTZOptics | 12x Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 7.2.85
(custom)
Unaffected: 7.2.85 |
|
| PTZOptics | 20x Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 7.2.94
(custom)
Unaffected: 7.2.94 |
|
| PTZOptics | EPTZ Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 8.1.89
(custom)
Unaffected: 8.1.89 |
|
| PTZOptics | HC-EPTZ-NDI |
Affected:
0 , < 8.2.14
(custom)
Unaffected: 8.2.14 |
|
| PTZOptics | PT12X-4K-xx-G3 |
Affected:
0 , < 0.0.58
(custom)
Unaffected: 0.0.58 |
|
| PTZOptics | PT20X-4K-xx-G3 |
Affected:
0 , < 0.0.85
(custom)
Unaffected: 0.0.85 |
|
| PTZOptics | PT30X-4K-xx-G3 |
Affected:
0 , < 2.0.64
(custom)
Unaffected: 2.0.64 |
|
| PTZOptics | PT20X-USB-xx |
Affected:
0 , < 6.2.81
(custom)
Unaffected: 6.2.81 |
|
| ValueHD | Pan-Tilt-Zoom Cameras |
Affected:
*
|
Date Public
2025-06-12 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-35452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:05:20.509951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:07:29.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PT12X-SE-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.1.43",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.1.43"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-LINK-4K-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.63",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.63"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-SE-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.1.32"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-LINK-4K-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.89",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.89"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-SE-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.1.33",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.1.33"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-LINK-4K-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "2.0.71",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.0.71"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT-STUDIOPRO",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.0.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.0.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-STUDIO-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.1.90",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1.90"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-STUDIO-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.1.90",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1.90"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-SDI/NDI-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.70",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.3.70"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-USB-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.2.88",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.2.88"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-SDI/NDI-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.27",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.3.27"
}
]
},
{
"defaultStatus": "unknown",
"product": "Pan-Tilt-Zoom Cameras",
"vendor": "SMTAV",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-SDI/NDI-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.43",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.3.43"
}
]
},
{
"defaultStatus": "unknown",
"product": "Pan-Tilt-Zoom Cameras",
"vendor": "multiCAM Systems",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unknown",
"product": "VL Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "7.2.94",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.94"
}
]
},
{
"defaultStatus": "unknown",
"product": "12x Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "7.2.85",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.85"
}
]
},
{
"defaultStatus": "unknown",
"product": "20x Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "7.2.94",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.94"
}
]
},
{
"defaultStatus": "unknown",
"product": "EPTZ Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.1.89",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1.89"
}
]
},
{
"defaultStatus": "unknown",
"product": "HC-EPTZ-NDI",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.2.14",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.2.14"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.58",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.58"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.85",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.85"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "2.0.64",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.0.64"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-USB-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.2.81",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.2.81"
}
]
},
{
"defaultStatus": "unknown",
"product": "Pan-Tilt-Zoom Cameras",
"vendor": "ValueHD",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"datePublic": "2025-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2025-35452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T17:57:32.559307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T17:58:30.782Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10"
},
{
"name": "url",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json"
},
{
"name": "url",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35452"
},
{
"name": "url",
"url": "https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/"
},
{
"name": "url",
"url": "https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"
}
],
"title": "Pan-Tilt-Zoom cameras default administrative credentials for web interface"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2025-35452",
"datePublished": "2025-09-05T17:49:02.755Z",
"dateReserved": "2025-04-15T20:57:14.282Z",
"dateUpdated": "2025-09-08T18:07:29.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-35451 (GCVE-0-2025-35451)
Vulnerability from cvelistv5 – Published: 2025-09-05 17:43 – Updated: 2025-09-08 18:08
VLAI
Title
Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
Summary
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
Severity
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| PTZOptics | PT12X-SE-xx-G3 |
Affected:
0 , < 9.1.43
(custom)
Unaffected: 9.1.43 |
|
| PTZOptics | PT12X-LINK-4K-xx |
Affected:
0 , < 0.0.63
(custom)
Unaffected: 0.0.63 |
|
| PTZOptics | PT20X-SE-xx-G3 |
Affected:
0 , < 9.1.32
(custom)
Unaffected: 9.1.32 |
|
| PTZOptics | PT20X-LINK-4K-xx |
Affected:
0 , < 0.0.89
(custom)
Unaffected: 0.0.89 |
|
| PTZOptics | PT-STUDIOPRO |
Affected:
0 , < 9.0.41
(custom)
Unaffected: 9.0.41 |
|
| PTZOptics | PT30X-SE-xx-G3 |
Affected:
0 , < 9.1.33
(custom)
Unaffected: 9.1.33 |
|
| PTZOptics | PT30X-LINK-4K-xx |
Affected:
0 , < 2.0.71
(custom)
Unaffected: 2.0.71 |
|
| PTZOptics | PT12X-STUDIO-4K-xx-G3 |
Affected:
0 , < 8.1.90
(custom)
Unaffected: 8.1.90 |
|
| PTZOptics | PT20X-STUDIO-4K-xx-G3 |
Affected:
0 , < 8.1.90
(custom)
Unaffected: 8.1.90 |
|
| PTZOptics | PT12X-SDI/NDI-xx |
Affected:
0 , < 6.3.70
(custom)
Unaffected: 6.3.70 |
|
| PTZOptics | PT12X-USB-xx |
Affected:
0 , < 6.2.88
(custom)
Unaffected: 6.2.88 |
|
| PTZOptics | PT20X-SDI/NDI-xx |
Affected:
0 , < 6.3.27
(custom)
Unaffected: 6.3.27 |
|
| SMTAV | Pan-Tilt-Zoom Cameras |
Affected:
*
|
|
| PTZOptics | PT30X-SDI/NDI-xx |
Affected:
0 , < 6.3.43
(custom)
Unaffected: 6.3.43 |
|
| multiCAM Systems | Pan-Tilt-Zoom Cameras |
Affected:
*
|
|
| PTZOptics | VL Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 7.2.94
(custom)
Unaffected: 7.2.94 |
|
| PTZOptics | 12x Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 7.2.85
(custom)
Unaffected: 7.2.85 |
|
| PTZOptics | 20x Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 7.2.94
(custom)
Unaffected: 7.2.94 |
|
| PTZOptics | EPTZ Fixed Camera/NDI Fixed Camera |
Affected:
0 , < 8.1.89
(custom)
Unaffected: 8.1.89 |
|
| PTZOptics | HC-EPTZ-NDI |
Affected:
0 , < 8.2.14
(custom)
Unaffected: 8.2.14 |
|
| PTZOptics | PT12X-4K-xx-G3 |
Affected:
0 , < 0.0.58
(custom)
Unaffected: 0.0.58 |
|
| PTZOptics | PT20X-4K-xx-G3 |
Affected:
0 , < 0.0.85
(custom)
Unaffected: 0.0.85 |
|
| PTZOptics | PT20X-USB-xx |
Affected:
0 , < 6.2.81
(custom)
Unaffected: 6.2.81 |
|
| PTZOptics | PT30X-4K-xx-G3 |
Affected:
0 , < 2.0.64
(custom)
Unaffected: 2.0.64 |
|
| ValueHD | Pan-Tilt-Zoom Cameras |
Affected:
*
|
Date Public
2025-06-12 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-35451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:08:16.124259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:08:29.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PT12X-SE-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.1.43",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.1.43"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-LINK-4K-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.63",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.63"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-SE-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.1.32"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-LINK-4K-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.89",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.89"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT-STUDIOPRO",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.0.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.0.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-SE-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "9.1.33",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.1.33"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-LINK-4K-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "2.0.71",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.0.71"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-STUDIO-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.1.90",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1.90"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-STUDIO-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.1.90",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1.90"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-SDI/NDI-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.70",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.3.70"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-USB-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.2.88",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.2.88"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-SDI/NDI-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.27",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.3.27"
}
]
},
{
"defaultStatus": "unknown",
"product": "Pan-Tilt-Zoom Cameras",
"vendor": "SMTAV",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-SDI/NDI-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.43",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.3.43"
}
]
},
{
"defaultStatus": "unknown",
"product": "Pan-Tilt-Zoom Cameras",
"vendor": "multiCAM Systems",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unknown",
"product": "VL Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "7.2.94",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.94"
}
]
},
{
"defaultStatus": "unknown",
"product": "12x Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "7.2.85",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.85"
}
]
},
{
"defaultStatus": "unknown",
"product": "20x Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "7.2.94",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2.94"
}
]
},
{
"defaultStatus": "unknown",
"product": "EPTZ Fixed Camera/NDI Fixed Camera",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.1.89",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1.89"
}
]
},
{
"defaultStatus": "unknown",
"product": "HC-EPTZ-NDI",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "8.2.14",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.2.14"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT12X-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.58",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.58"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "0.0.85",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.0.85"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT20X-USB-xx",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.2.81",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.2.81"
}
]
},
{
"defaultStatus": "unknown",
"product": "PT30X-4K-xx-G3",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "2.0.64",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.0.64"
}
]
},
{
"defaultStatus": "unknown",
"product": "Pan-Tilt-Zoom Cameras",
"vendor": "ValueHD",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"datePublic": "2025-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2025-35451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T17:57:46.995811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T17:58:14.754Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10"
},
{
"name": "url",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json"
},
{
"name": "url",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35451"
},
{
"name": "url",
"url": "https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/"
},
{
"name": "url",
"url": "https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"
}
],
"title": "Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2025-35451",
"datePublished": "2025-09-05T17:43:53.108Z",
"dateReserved": "2025-04-15T20:57:14.282Z",
"dateUpdated": "2025-09-08T18:08:29.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}