CVE-2025-35451
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-09-08

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-09-08
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-35451
EUVD
EUVD-2025-27022
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
multicam_systems_sas valuehd *
ptzoptics valuehd 6.3.40
hisilicon hi3516a *
smtav_corporation valuehd *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras that use hard-coded, default administrative credentials. These passwords are easily cracked, and many affected cameras have SSH or telnet services listening on all network interfaces. Users cannot change the default passwords nor disable the SSH or telnet services, making the devices highly vulnerable to unauthorized access.

Impact Analysis

The vulnerability can lead to unauthorized remote access to the affected cameras due to easily cracked default credentials and active SSH or telnet services. This can result in full compromise of the device, including potential interception or manipulation of video feeds, disruption of camera functionality, and use of the device as a foothold for further network attacks.

Detection Guidance

You can detect this vulnerability by scanning your network for PTZOptics or ValueHD-based pan-tilt-zoom cameras that have SSH or telnet services listening on all interfaces. Since the devices use hard-coded default administrative credentials that cannot be changed, attempting to connect via SSH or telnet using common default credentials may confirm the vulnerability. Network scanning tools like nmap can be used to identify devices with open SSH (port 22) or telnet (port 23) services. For example, you can run: nmap -p 22,23 --open <target-network-range> to find devices with these ports open. Then, attempt to log in using known default credentials.

Mitigation Strategies

Immediate mitigation steps include isolating affected PTZOptics or ValueHD-based cameras from untrusted networks to prevent unauthorized access, since the default credentials cannot be changed and SSH/telnet services cannot be disabled by the user. Consider placing these devices behind firewalls or network segmentation to limit exposure. Monitoring network traffic for unauthorized access attempts and replacing vulnerable devices with updated or patched models when available are also recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-35451. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart