CVE-2025-45619

MEDIUM

Aver PTC310UV2 Firmware 0.1.0000.59 - Remote Code Execution via SendAction Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-45619. PoCs published by weedl.

AI-analyzed exploit summary This repository describes an information leakage vulnerability (CVE-2025-45619) in the AVer PTC310UV2 camera firmware version 0.1.0000.59. The vulnerability exposes administrator credentials via an unauthenticated endpoint at `/action?get=acc`.

Description

An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function

Exploits (1)

nomisec WRITEUP

by weedl · poc

https://github.com/weedl/CVE-2025-45619

View Code ZIP pw:eip

This repository describes an information leakage vulnerability (CVE-2025-45619) in the AVer PTC310UV2 camera firmware version 0.1.0000.59. The vulnerability exposes administrator credentials via an unauthenticated endpoint at `/action?get=acc`.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: AVer PTC310UV2 firmware version 0.1.0000.59

No auth needed

Prerequisites: Network access to the vulnerable camera

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product

http://aver.com

Broken Link

http://ptc310uv2.com

Exploit, Third Party Advisory

https://github.com/weedl/CVE-2025-45619

Scores

CVSS v3 6.5

EPSS 0.0090

EPSS Percentile 54.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

averusa/ptc310uv2_firmware 0.1.0000.59

Published Jul 30, 2025

Tracked Since Feb 18, 2026