CVE-2025-35452

CRITICAL

9.8

Descricao

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado9/5/2025

Ultima modificacao12/23/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

multicam-systems:mcamii_ptzmulticam-systems:mcamii_ptz_firmwareptzoptics:ndi_fixed_cameraptzoptics:ndi_fixed_camera_firmwareptzoptics:pt-studioproptzoptics:pt-studiopro_firmwareptzoptics:pt12x-4k-xx-g3ptzoptics:pt12x-4k-xx-g3_firmwareptzoptics:pt12x-link-4k-xxptzoptics:pt12x-link-4k-xx_firmwareptzoptics:pt12x-ndi-xxptzoptics:pt12x-ndi-xx_firmwareptzoptics:pt12x-sdi-xx-g2ptzoptics:pt12x-sdi-xx-g2_firmwareptzoptics:pt12x-se-xx-g3ptzoptics:pt12x-se-xx-g3_firmwareptzoptics:pt12x-usb-xx-g2ptzoptics:pt12x-usb-xx-g2_firmwareptzoptics:pt12x-zcamptzoptics:pt12x-zcam_firmwareptzoptics:pt20x-4k-xx-g3ptzoptics:pt20x-4k-xx-g3_firmwareptzoptics:pt20x-link-4k-xxptzoptics:pt20x-link-4k-xx_firmwareptzoptics:pt20x-sdi-xx-g2ptzoptics:pt20x-sdi-xx-g2_firmwareptzoptics:pt20x-se-xx-g3ptzoptics:pt20x-se-xx-g3_firmwareptzoptics:pt20x-usb-xx-g2ptzoptics:pt20x-usb-xx-g2_firmwareptzoptics:pt20x-zcamptzoptics:pt20x-zcam_firmwareptzoptics:pt30x-4k-xx-g3ptzoptics:pt30x-4k-xx-g3_firmwareptzoptics:pt30x-link-4k-xxptzoptics:pt30x-link-4k-xx_firmwareptzoptics:pt30x-ndi-xxptzoptics:pt30x-ndi-xx_firmwareptzoptics:pt30x-sdi-xx-g2ptzoptics:pt30x-sdi-xx-g2_firmwareptzoptics:pt30x-se-xx-g3ptzoptics:pt30x-se-xx-g3_firmwareptzoptics:pteptz-ndi-zcam-g2ptzoptics:pteptz-zcam-g2ptzoptics:pteptz-zcam-g2_firmwareptzoptics:ptvl-zcamptzoptics:ptvl-zcam_firmwareptzoptics:t20x-ndi-xxptzoptics:t20x-ndi-xx_firmwareptzoptics:vl_fixed_cameraptzoptics:vl_fixed_camera_firmwaresmtav:ba12-nsmtav:ba12-n_firmwaresmtav:ba12ssmtav:ba12s_firmwaresmtav:ba20-nsmtav:ba20-n_firmwaresmtav:ba20ssmtav:ba20s_firmwaresmtav:ba30-nsmtav:ba30-n_firmwaresmtav:ba30ssmtav:ba30s_firmwaresmtav:bv20ssmtav:bv20s_firmwaresmtav:bv30ssmtav:bv30s_firmwaresmtav:bx20nsmtav:bx20n_firmwaresmtav:bx20s-shsmtav:bx20s-sh_firmwaresmtav:bx20uhdsmtav:bx20uhd-nsmtav:bx20uhd-n_firmwaresmtav:bx20uhd_firmwaresmtav:bx30ssmtav:bx30s_firmwaresmtav:hd17hsmtav:hd17h-nsmtav:hd17h-n_firmwaresmtav:hd17h_firmwarevaluehd:v60xlvaluehd:v60xl_firmwarevaluehd:v61wvaluehd:v61w_firmwarevaluehd:v63xlvaluehd:v63xl_firmwarevaluehd:v71uvsvaluehd:v71uvs_firmwarevaluehd:vx60alvaluehd:vx60al_firmwarevaluehd:vx60aslvaluehd:vx60asl_firmwarevaluehd:vx61alvaluehd:vx61al_firmwarevaluehd:vx61aslvaluehd:vx61asl_firmwarevaluehd:vx61baslvaluehd:vx61basl_firmwarevaluehd:vx630alvaluehd:vx630al_firmwarevaluehd:vx701ravaluehd:vx701ra_firmwarevaluehd:vx701tavaluehd:vx701ta_firmwarevaluehd:vx70uvsvaluehd:vx70uvs_firmwarevaluehd:vx71uvsvaluehd:vx71uvs_firmwarevaluehd:vx720lvaluehd:vx720l_firmwarevaluehd:vx751bavaluehd:vx751ba_firmwarevaluehd:vx752avaluehd:vx752a_firmwarevaluehd:vx752agvaluehd:vx752ag_firmwarevaluehd:vx800i2valuehd:vx800i2_firmwarevaluehd:vx90valuehd:vx90_firmware

Fraquezas (CWE)

CWE-798CWE-1392

Referencias

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json(9119a7d8-5eab-497f-8521-727c672e3725)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10(9119a7d8-5eab-497f-8521-727c672e3725)

https://www.cve.org/CVERecord?id=CVE-2025-35452(9119a7d8-5eab-497f-8521-727c672e3725)

https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai(9119a7d8-5eab-497f-8521-727c672e3725)

https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/(9119a7d8-5eab-497f-8521-727c672e3725)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.