CVE-2025-45620

HIGH

Aver PTC310UV2 v.0.1.0000.59 - Exposure of Sensitive Information via Crafted Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-45620. PoCs published by weedl.

AI-analyzed exploit summary This repository describes an information leakage vulnerability in the AVer PTC310UV2 camera's web interface, where credentials are exposed in plaintext during client-side authentication. The issue involves insecure handling of credentials via a frontend JavaScript function that retrieves and compares them without encryption.

Description

An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request

Exploits (1)

nomisec WRITEUP
by weedl · poc
https://github.com/weedl/CVE-2025-45620

This repository describes an information leakage vulnerability in the AVer PTC310UV2 camera's web interface, where credentials are exposed in plaintext during client-side authentication. The issue involves insecure handling of credentials via a frontend JavaScript function that retrieves and compares them without encryption.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: AVer PTC310UV2 firmware version 0.1.0000.59
No auth needed
Prerequisites: Network access to the camera's web interface · Ability to monitor browser network traffic
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Product
http://aver.com
Broken Link
http://ptc310uv2.com
Exploit, Third Party Advisory
https://github.com/weedl/CVE-2025-45620

Scores

CVSS v3 8.1
EPSS 0.0089
EPSS Percentile 54.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (1)
averusa/ptc310uv2_firmware 0.1.0000.59
Published Jul 30, 2025
Tracked Since Feb 18, 2026