9.8

CVE-2025-35452

Exploit
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PtzopticsPt12x-ndi-xx Firmware Version-
   PtzopticsPt12x-ndi-xx Version-
PtzopticsT20x-ndi-xx Firmware Version-
   PtzopticsT20x-ndi-xx Version-
PtzopticsPt30x-ndi-xx Firmware Version-
   PtzopticsPt30x-ndi-xx Version-
PtzopticsPt12x-zcam Firmware Version-
   PtzopticsPt12x-zcam Version-
PtzopticsPt20x-zcam Firmware Version-
   PtzopticsPt20x-zcam Version-
PtzopticsPtvl-zcam Firmware Version-
   PtzopticsPtvl-zcam Version-
PtzopticsPteptz-zcam-g2 Firmware Version-
   PtzopticsPteptz-zcam-g2 Version-
PtzopticsPteptz-ndi-zcam-g2 Version-
   PtzopticsPteptz-ndi-zcam-g2 Version-
PtzopticsPt12x-4k-xx-g3 Firmware Version <= 0.0.58
   PtzopticsPt12x-4k-xx-g3 Version-
PtzopticsPt20x-4k-xx-g3 Firmware Version <= 0.0.85
   PtzopticsPt20x-4k-xx-g3 Version-
PtzopticsPt30x-4k-xx-g3 Firmware Version <= 2.0.64
   PtzopticsPt30x-4k-xx-g3 Version-
PtzopticsPt12x-link-4k-xx Firmware Version <= 0.0.63
   PtzopticsPt12x-link-4k-xx Version-
PtzopticsPt20x-link-4k-xx Firmware Version <= 0.0.89
   PtzopticsPt20x-link-4k-xx Version-
PtzopticsPt30x-link-4k-xx Firmware Version <= 2.0.71
   PtzopticsPt30x-link-4k-xx Version-
PtzopticsPt12x-se-xx-g3 Firmware Version <= 9.1.43
   PtzopticsPt12x-se-xx-g3 Version-
PtzopticsPt20x-se-xx-g3 Firmware Version <= 9.1.32
   PtzopticsPt20x-se-xx-g3 Version-
PtzopticsPt30x-se-xx-g3 Firmware Version <= 9.1.33
   PtzopticsPt30x-se-xx-g3 Version-
PtzopticsPt-studiopro Firmware Version <= 9.0.41
   PtzopticsPt-studiopro Version-
PtzopticsVl Fixed Camera Firmware Version <= 7.2.94
   PtzopticsVl Fixed Camera Version-
PtzopticsNdi Fixed Camera Firmware Version <= 7.2.94
   PtzopticsNdi Fixed Camera Version-
SmtavBa30s Firmware
   SmtavBa30s Version-
SmtavBa20s Firmware
   SmtavBa20s Version-
SmtavBv20s Firmware
   SmtavBv20s Version-
SmtavBx30s Firmware
   SmtavBx30s Version-
SmtavBx20n Firmware
   SmtavBx20n Version-
SmtavBx20uhd-n Firmware
   SmtavBx20uhd-n Version-
SmtavBx20uhd Firmware
   SmtavBx20uhd Version-
SmtavBa30-n Firmware
   SmtavBa30-n Version-
SmtavBa20-n Firmware
   SmtavBa20-n Version-
SmtavBa12-n Firmware
   SmtavBa12-n Version-
SmtavHd17h-n Firmware
   SmtavHd17h-n Version-
SmtavBx20s-sh Firmware
   SmtavBx20s-sh Version-
SmtavHd17h Firmware
   SmtavHd17h Version-
SmtavBv30s Firmware
   SmtavBv30s Version-
SmtavBa12s Firmware
   SmtavBa12s Version-
ValuehdVx90 Firmware
   ValuehdVx90 Version-
ValuehdVx720l Firmware
   ValuehdVx720l Version-
ValuehdVx752ag Firmware
   ValuehdVx752ag Version-
ValuehdVx752a Firmware
   ValuehdVx752a Version-
ValuehdVx751ba Firmware
   ValuehdVx751ba Version-
ValuehdVx630al Firmware
   ValuehdVx630al Version-
ValuehdVx61asl Firmware
   ValuehdVx61asl Version-
ValuehdVx61basl Firmware
   ValuehdVx61basl Version-
ValuehdVx60asl Firmware
   ValuehdVx60asl Version-
ValuehdVx61al Firmware
   ValuehdVx61al Version-
ValuehdVx60al Firmware
   ValuehdVx60al Version-
ValuehdVx701ra Firmware
   ValuehdVx701ra Version-
ValuehdVx701ta Firmware
   ValuehdVx701ta Version-
ValuehdVx800i2 Firmware
   ValuehdVx800i2 Version-
ValuehdV61w Firmware
   ValuehdV61w Version-
ValuehdV63xl Firmware
   ValuehdV63xl Version-
ValuehdV60xl Firmware
   ValuehdV60xl Version-
ValuehdVx70uvs Firmware
   ValuehdVx70uvs Version-
ValuehdVx71uvs Firmware
   ValuehdVx71uvs Version-
ValuehdV71uvs Firmware
   ValuehdV71uvs Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.341
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
9119a7d8-5eab-497f-8521-727c672e3725 9.2 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
9119a7d8-5eab-497f-8521-727c672e3725 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
Third Party Advisory
US Government Resource