CVE-2025-35451
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-08
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| multicam_systems_sas | valuehd | * |
| ptzoptics | valuehd | 6.3.40 |
| hisilicon | hi3516a | * |
| smtav_corporation | valuehd | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras that use hard-coded, default administrative credentials. These passwords are easily cracked, and many affected cameras have SSH or telnet services listening on all network interfaces. Users cannot change the default passwords nor disable the SSH or telnet services, making the devices highly vulnerable to unauthorized access.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized remote access to the affected cameras due to easily cracked default credentials and active SSH or telnet services. This can result in full compromise of the device, including potential interception or manipulation of video feeds, disruption of camera functionality, and use of the device as a foothold for further network attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by scanning your network for PTZOptics or ValueHD-based pan-tilt-zoom cameras that have SSH or telnet services listening on all interfaces. Since the devices use hard-coded default administrative credentials that cannot be changed, attempting to connect via SSH or telnet using common default credentials may confirm the vulnerability. Network scanning tools like nmap can be used to identify devices with open SSH (port 22) or telnet (port 23) services. For example, you can run: nmap -p 22,23 --open <target-network-range> to find devices with these ports open. Then, attempt to log in using known default credentials.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include isolating affected PTZOptics or ValueHD-based cameras from untrusted networks to prevent unauthorized access, since the default credentials cannot be changed and SSH/telnet services cannot be disabled by the user. Consider placing these devices behind firewalls or network segmentation to limit exposure. Monitoring network traffic for unauthorized access attempts and replacing vulnerable devices with updated or patched models when available are also recommended.