CVE-2026-40624
Received - Intake
Improper Input Validation in AVer PTC Series Cameras Leads to RCE

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: ICS-CERT

Description
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.
Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
aver ptc500s *
aver ptc115 *
aver ptc500+ *
aver ptc115+ *
aver csafpid-0001 *
aver csafpid-0002 *
aver csafpid-0003 *
aver csafpid-0004 *
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Executive Summary

CVE-2026-40624 is a critical security vulnerability found in certain AVer camera models, including PTC500S, PTC115, PTC500+, and PTC115+. It arises from improper input validation, which allows a remote and unauthenticated attacker to execute arbitrary code on the affected devices by sending a specially crafted web request.

This means that an attacker does not need any prior access or credentials to exploit this flaw, making it highly dangerous.

Impact Analysis

Exploitation of this vulnerability can lead to arbitrary code execution on the affected AVer cameras, which can compromise the confidentiality, integrity, and availability of the device and potentially the network it is connected to.

  • An attacker could take full control of the camera remotely without authentication.
  • This could lead to unauthorized surveillance, manipulation of video feeds, or use of the device as a foothold for further attacks within the network.
  • The vulnerability has a high CVSS score (9.8), indicating critical impact on security.

Users are advised to apply firmware updates provided by AVer and implement network security measures such as isolating these devices behind firewalls and using secure remote access methods.

Mitigation Strategies

To mitigate this vulnerability, apply the firmware fix provided by AVer as soon as possible.

Minimize network exposure for control system devices by isolating them behind firewalls.

Use secure remote access methods such as VPNs to access affected devices.

Compliance Impact

The provided information does not specify how CVE-2026-40624 affects compliance with common standards and regulations such as GDPR or HIPAA.
