CVE-2025-35452
CRITICALPTZOptics PT12x-SDI-XX-G2 and other ValueHD-based Cameras - Use of Default Credentials
Title source: llmDescription
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
References (5)
Core 5
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35452
Third Party Advisory
https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
Exploit, Third Party Advisory
https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
Scores
CVSS v3
9.8
EPSS
0.0079
EPSS Percentile
51.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-1392
CWE-798
Status
published
Products (50)
multicam-systems/mcamii_ptz_firmware
ptzoptics/ndi_fixed_camera_firmware
< 7.2.94
ptzoptics/pt-studiopro_firmware
< 9.0.41
ptzoptics/pt12x-4k-xx-g3_firmware
< 0.0.58
ptzoptics/pt12x-link-4k-xx_firmware
< 0.0.63
ptzoptics/pt12x-ndi-xx_firmware
ptzoptics/pt12x-sdi-xx-g2_firmware
ptzoptics/pt12x-se-xx-g3_firmware
< 9.1.43
ptzoptics/pt12x-usb-xx-g2_firmware
ptzoptics/pt12x-zcam_firmware
... and 40 more
Published
Sep 05, 2025
Tracked Since
Feb 18, 2026