CVE-2025-35452

Analyzed Analyzed - Analysis Complete

BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-12-23

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-09-05

Last Modified

2025-12-23

Generated

2026-05-07

AI Q&A

2025-09-05

EPSS Evaluated

2026-05-05

NVD

CVE-2025-35452

EUVD

EUVD-2025-27019

Affected Vendors & Products

Vendor	Product	Version / Range
ptzoptics	pt20x-link-4k-xx_firmware	to 0.0.89 (inc)
ptzoptics	pt20x-link-4k-xx	*
ptzoptics	pt30x-link-4k-xx_firmware	to 2.0.71 (inc)
ptzoptics	pt30x-link-4k-xx	*
ptzoptics	pt12x-se-xx-g3_firmware	to 9.1.43 (inc)
ptzoptics	pt12x-se-xx-g3	*
ptzoptics	pt20x-se-xx-g3_firmware	to 9.1.32 (inc)
ptzoptics	pt20x-se-xx-g3	*
ptzoptics	pt30x-se-xx-g3_firmware	to 9.1.33 (inc)
ptzoptics	pt30x-se-xx-g3	*
ptzoptics	pt-studiopro_firmware	to 9.0.41 (inc)
ptzoptics	pt-studiopro	*
ptzoptics	vl_fixed_camera_firmware	to 7.2.94 (inc)
ptzoptics	vl_fixed_camera	*
ptzoptics	ndi_fixed_camera_firmware	to 7.2.94 (inc)
ptzoptics	ndi_fixed_camera	*
multicam-systems	mcamii_ptz_firmware	*
multicam-systems	mcamii_ptz	*
smtav	ba30s_firmware	*
smtav	ba30s	*
smtav	ba20s_firmware	*
smtav	ba20s	*
smtav	bv20s_firmware	*
smtav	bv20s	*
smtav	bx30s_firmware	*
smtav	bx30s	*
smtav	bx20n_firmware	*
smtav	bx20n	*
smtav	bx20uhd-n_firmware	*
smtav	bx20uhd-n	*
smtav	bx20uhd_firmware	*
smtav	bx20uhd	*
smtav	ba30-n_firmware	*
smtav	ba30-n	*
smtav	ba20-n_firmware	*
smtav	ba20-n	*
smtav	ba12-n_firmware	*
smtav	ba12-n	*
smtav	hd17h-n_firmware	*
smtav	hd17h-n	*
smtav	bx20s-sh_firmware	*
smtav	bx20s-sh	*
smtav	hd17h_firmware	*
smtav	hd17h	*
smtav	bv30s_firmware	*
smtav	bv30s	*
smtav	ba12s_firmware	*
smtav	ba12s	*
valuehd	vx90_firmware	*
valuehd	vx90	*
valuehd	vx720l_firmware	*
valuehd	vx720l	*
valuehd	vx752ag_firmware	*
valuehd	vx752ag	*
valuehd	vx752a_firmware	*
valuehd	vx752a	*
valuehd	vx751ba_firmware	*
valuehd	vx751ba	*
valuehd	vx630al_firmware	*
valuehd	vx630al	*
valuehd	vx61asl_firmware	*
valuehd	vx61asl	*
valuehd	vx61basl_firmware	*
valuehd	vx61basl	*
valuehd	vx60asl_firmware	*
valuehd	vx60asl	*
valuehd	vx61al_firmware	*
valuehd	vx61al	*
valuehd	vx60al_firmware	*
valuehd	vx60al	*
valuehd	vx701ra_firmware	*
valuehd	vx701ra	*
valuehd	vx701ta_firmware	*
valuehd	vx701ta	*
valuehd	vx800i2_firmware	*
valuehd	vx800i2	*
valuehd	v61w_firmware	*
valuehd	v61w	*
valuehd	v63xl_firmware	*
valuehd	v63xl	*
valuehd	v60xl_firmware	*
valuehd	v60xl	*
valuehd	vx70uvs_firmware	*
valuehd	vx70uvs	*
valuehd	vx71uvs_firmware	*
valuehd	vx71uvs	*
valuehd	v71uvs_firmware	*
valuehd	v71uvs	*
ptzoptics	pt12x-sdi-xx-g2_firmware	*
ptzoptics	pt12x-sdi-xx-g2	*
ptzoptics	pt12x-ndi-xx_firmware	*
ptzoptics	pt12x-ndi-xx	*
ptzoptics	pt12x-usb-xx-g2_firmware	*
ptzoptics	pt12x-usb-xx-g2	*
ptzoptics	pt20x-sdi-xx-g2_firmware	*
ptzoptics	pt20x-sdi-xx-g2	*
ptzoptics	t20x-ndi-xx_firmware	*
ptzoptics	t20x-ndi-xx	*
ptzoptics	pt20x-usb-xx-g2_firmware	*
ptzoptics	pt20x-usb-xx-g2	*
ptzoptics	pt30x-sdi-xx-g2_firmware	*
ptzoptics	pt30x-sdi-xx-g2	*
ptzoptics	pt30x-ndi-xx_firmware	*
ptzoptics	pt30x-ndi-xx	*
ptzoptics	pt12x-zcam_firmware	*
ptzoptics	pt12x-zcam	*
ptzoptics	pt20x-zcam_firmware	*
ptzoptics	pt20x-zcam	*
ptzoptics	ptvl-zcam_firmware	*
ptzoptics	ptvl-zcam	*
ptzoptics	pteptz-zcam-g2_firmware	*
ptzoptics	pteptz-zcam-g2	*
ptzoptics	pteptz-ndi-zcam-g2	*
ptzoptics	pteptz-ndi-zcam-g2	*
ptzoptics	pt12x-4k-xx-g3_firmware	to 0.0.58 (inc)
ptzoptics	pt12x-4k-xx-g3	*
ptzoptics	pt20x-4k-xx-g3_firmware	to 0.0.85 (inc)
ptzoptics	pt20x-4k-xx-g3	*
ptzoptics	pt30x-4k-xx-g3_firmware	to 2.0.64 (inc)
ptzoptics	pt30x-4k-xx-g3	*
ptzoptics	pt12x-link-4k-xx_firmware	to 0.0.63 (inc)
ptzoptics	pt12x-link-4k-xx	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-1392	The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
CWE-798	The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability involves PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras using default, shared credentials for their administrative web interface. This means that the cameras come with preset usernames and passwords that are the same across multiple devices, which can be easily guessed or found by attackers.

How can this vulnerability impact me? :

An attacker can exploit the default, shared credentials to gain unauthorized administrative access to the camera's web interface. This can lead to full control over the camera, including viewing, manipulating, or disabling the device, potentially compromising security and privacy.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-35452

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart