CVE-2025-35452
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-12-23

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-35452
EUVD
EUVD-2025-27019
Affected Vendors & Products
Showing 122 associated CPEs
Vendor Product Version / Range
ptzoptics pt20x-link-4k-xx_firmware to 0.0.89 (inc)
ptzoptics pt20x-link-4k-xx *
ptzoptics pt30x-link-4k-xx_firmware to 2.0.71 (inc)
ptzoptics pt30x-link-4k-xx *
ptzoptics pt12x-se-xx-g3_firmware to 9.1.43 (inc)
ptzoptics pt12x-se-xx-g3 *
ptzoptics pt20x-se-xx-g3_firmware to 9.1.32 (inc)
ptzoptics pt20x-se-xx-g3 *
ptzoptics pt30x-se-xx-g3_firmware to 9.1.33 (inc)
ptzoptics pt30x-se-xx-g3 *
ptzoptics pt-studiopro_firmware to 9.0.41 (inc)
ptzoptics pt-studiopro *
ptzoptics vl_fixed_camera_firmware to 7.2.94 (inc)
ptzoptics vl_fixed_camera *
ptzoptics ndi_fixed_camera_firmware to 7.2.94 (inc)
ptzoptics ndi_fixed_camera *
multicam-systems mcamii_ptz_firmware *
multicam-systems mcamii_ptz *
smtav ba30s_firmware *
smtav ba30s *
smtav ba20s_firmware *
smtav ba20s *
smtav bv20s_firmware *
smtav bv20s *
smtav bx30s_firmware *
smtav bx30s *
smtav bx20n_firmware *
smtav bx20n *
smtav bx20uhd-n_firmware *
smtav bx20uhd-n *
smtav bx20uhd_firmware *
smtav bx20uhd *
smtav ba30-n_firmware *
smtav ba30-n *
smtav ba20-n_firmware *
smtav ba20-n *
smtav ba12-n_firmware *
smtav ba12-n *
smtav hd17h-n_firmware *
smtav hd17h-n *
smtav bx20s-sh_firmware *
smtav bx20s-sh *
smtav hd17h_firmware *
smtav hd17h *
smtav bv30s_firmware *
smtav bv30s *
smtav ba12s_firmware *
smtav ba12s *
valuehd vx90_firmware *
valuehd vx90 *
valuehd vx720l_firmware *
valuehd vx720l *
valuehd vx752ag_firmware *
valuehd vx752ag *
valuehd vx752a_firmware *
valuehd vx752a *
valuehd vx751ba_firmware *
valuehd vx751ba *
valuehd vx630al_firmware *
valuehd vx630al *
valuehd vx61asl_firmware *
valuehd vx61asl *
valuehd vx61basl_firmware *
valuehd vx61basl *
valuehd vx60asl_firmware *
valuehd vx60asl *
valuehd vx61al_firmware *
valuehd vx61al *
valuehd vx60al_firmware *
valuehd vx60al *
valuehd vx701ra_firmware *
valuehd vx701ra *
valuehd vx701ta_firmware *
valuehd vx701ta *
valuehd vx800i2_firmware *
valuehd vx800i2 *
valuehd v61w_firmware *
valuehd v61w *
valuehd v63xl_firmware *
valuehd v63xl *
valuehd v60xl_firmware *
valuehd v60xl *
valuehd vx70uvs_firmware *
valuehd vx70uvs *
valuehd vx71uvs_firmware *
valuehd vx71uvs *
valuehd v71uvs_firmware *
valuehd v71uvs *
ptzoptics pt12x-sdi-xx-g2_firmware *
ptzoptics pt12x-sdi-xx-g2 *
ptzoptics pt12x-ndi-xx_firmware *
ptzoptics pt12x-ndi-xx *
ptzoptics pt12x-usb-xx-g2_firmware *
ptzoptics pt12x-usb-xx-g2 *
ptzoptics pt20x-sdi-xx-g2_firmware *
ptzoptics pt20x-sdi-xx-g2 *
ptzoptics t20x-ndi-xx_firmware *
ptzoptics t20x-ndi-xx *
ptzoptics pt20x-usb-xx-g2_firmware *
ptzoptics pt20x-usb-xx-g2 *
ptzoptics pt30x-sdi-xx-g2_firmware *
ptzoptics pt30x-sdi-xx-g2 *
ptzoptics pt30x-ndi-xx_firmware *
ptzoptics pt30x-ndi-xx *
ptzoptics pt12x-zcam_firmware *
ptzoptics pt12x-zcam *
ptzoptics pt20x-zcam_firmware *
ptzoptics pt20x-zcam *
ptzoptics ptvl-zcam_firmware *
ptzoptics ptvl-zcam *
ptzoptics pteptz-zcam-g2_firmware *
ptzoptics pteptz-zcam-g2 *
ptzoptics pteptz-ndi-zcam-g2 *
ptzoptics pteptz-ndi-zcam-g2 *
ptzoptics pt12x-4k-xx-g3_firmware to 0.0.58 (inc)
ptzoptics pt12x-4k-xx-g3 *
ptzoptics pt20x-4k-xx-g3_firmware to 0.0.85 (inc)
ptzoptics pt20x-4k-xx-g3 *
ptzoptics pt30x-4k-xx-g3_firmware to 2.0.64 (inc)
ptzoptics pt30x-4k-xx-g3 *
ptzoptics pt12x-link-4k-xx_firmware to 0.0.63 (inc)
ptzoptics pt12x-link-4k-xx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras using default, shared credentials for their administrative web interface. This means that the cameras come with preset usernames and passwords that are the same across multiple devices, which can be easily guessed or found by attackers.

Impact Analysis

An attacker can exploit the default, shared credentials to gain unauthorized administrative access to the camera's web interface. This can lead to full control over the camera, including viewing, manipulating, or disabling the device, potentially compromising security and privacy.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-35452. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart