Vulnerability Details CVE-2025-35451
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.7%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
- https://www.cve.org/CVERecord?id=CVE-2025-35451
- https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
- https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
Products affected by CVE-2025-35451
-
cpe:2.3:h:multicam-systems:mcamii_ptz:*
-
cpe:2.3:h:ptzoptics:ndi_fixed_camera:-
-
cpe:2.3:h:ptzoptics:pt12x-ndi-xx:-
-
cpe:2.3:h:ptzoptics:pt12x-sdi-xx-g2:-
-
cpe:2.3:h:ptzoptics:pt12x-usb-xx-g2:-
-
cpe:2.3:h:ptzoptics:pt12x-zcam:-
-
cpe:2.3:h:ptzoptics:pt20x-ndi-xx:-
-
cpe:2.3:h:ptzoptics:pt20x-sdi-xx-g2:-
-
cpe:2.3:h:ptzoptics:pt20x-usb-xx-g2:-
-
cpe:2.3:h:ptzoptics:pt20x-zcam:-
-
cpe:2.3:h:ptzoptics:pt30x-ndi-xx:-
-
cpe:2.3:h:ptzoptics:pt30x-sdi-xx-g2:-
-
cpe:2.3:h:ptzoptics:pteptz-ndi-zcam-g2:-
-
cpe:2.3:h:ptzoptics:pteptz-zcam-g2:-
-
cpe:2.3:h:ptzoptics:ptvl-zcam:-
-
cpe:2.3:h:ptzoptics:vl_fixed_camera:-
-
cpe:2.3:h:smtav:ba12-n:-
-
cpe:2.3:h:smtav:ba12s:-
-
cpe:2.3:h:smtav:ba20-n:-
-
cpe:2.3:h:smtav:ba20s:-
-
cpe:2.3:h:smtav:ba30-n:-
-
cpe:2.3:h:smtav:ba30s:-
-
cpe:2.3:h:smtav:bv20s:-
-
cpe:2.3:h:smtav:bv30s:-
-
cpe:2.3:h:smtav:bx20n:-
-
cpe:2.3:h:smtav:bx20s-sh:-
-
cpe:2.3:h:smtav:bx20uhd-n:-
-
cpe:2.3:h:smtav:bx20uhd:-
-
cpe:2.3:h:smtav:bx30s:-
-
cpe:2.3:h:smtav:hd17h-n:-
-
cpe:2.3:h:smtav:hd17h:-
-
cpe:2.3:h:valuehd:v60xl:-
-
cpe:2.3:h:valuehd:v61w:-
-
cpe:2.3:h:valuehd:v63xl:-
-
cpe:2.3:h:valuehd:v71uvs:-
-
cpe:2.3:h:valuehd:vx60al:-
-
cpe:2.3:h:valuehd:vx60asl:-
-
cpe:2.3:h:valuehd:vx61al:-
-
cpe:2.3:h:valuehd:vx61asl:-
-
cpe:2.3:h:valuehd:vx61basl:-
-
cpe:2.3:h:valuehd:vx630al:-
-
cpe:2.3:h:valuehd:vx701ra:-
-
cpe:2.3:h:valuehd:vx701ta:-
-
cpe:2.3:h:valuehd:vx70uvs:-
-
cpe:2.3:h:valuehd:vx71uvs:-
-
cpe:2.3:h:valuehd:vx720l:-
-
cpe:2.3:h:valuehd:vx751ba:-
-
cpe:2.3:h:valuehd:vx752a:-
-
cpe:2.3:h:valuehd:vx752ag:-
-
cpe:2.3:h:valuehd:vx800i2:-
-
cpe:2.3:h:valuehd:vx90:-
-
cpe:2.3:o:multicam-systems:mcamii_ptz_firmware:*
-
cpe:2.3:o:ptzoptics:ndi_fixed_camera_firmware:7.2.94
-
cpe:2.3:o:ptzoptics:pt12x-ndi-xx_firmware:-
-
cpe:2.3:o:ptzoptics:pt12x-ndi-xx_firmware:6.3.34
-
cpe:2.3:o:ptzoptics:pt12x-sdi-xx-g2_firmware:-
-
cpe:2.3:o:ptzoptics:pt12x-sdi-xx-g2_firmware:6.3.34
-
cpe:2.3:o:ptzoptics:pt12x-usb-xx-g2_firmware:-
-
cpe:2.3:o:ptzoptics:pt12x-usb-xx-g2_firmware:6.2.81
-
cpe:2.3:o:ptzoptics:pt12x-zcam_firmware:-
-
cpe:2.3:o:ptzoptics:pt12x-zcam_firmware:7.2.76
-
cpe:2.3:o:ptzoptics:pt20x-ndi-xx_firmware:6.3.20
-
cpe:2.3:o:ptzoptics:pt20x-sdi-xx-g2_firmware:-
-
cpe:2.3:o:ptzoptics:pt20x-sdi-xx-g2_firmware:6.3.20
-
cpe:2.3:o:ptzoptics:pt20x-usb-xx-g2_firmware:-
-
cpe:2.3:o:ptzoptics:pt20x-usb-xx-g2_firmware:6.2.73
-
cpe:2.3:o:ptzoptics:pt20x-zcam_firmware:-
-
cpe:2.3:o:ptzoptics:pt20x-zcam_firmware:7.2.82
-
cpe:2.3:o:ptzoptics:pt30x-ndi-xx_firmware:-
-
cpe:2.3:o:ptzoptics:pt30x-ndi-xx_firmware:6.3.30
-
cpe:2.3:o:ptzoptics:pt30x-sdi-xx-g2_firmware:-
-
cpe:2.3:o:ptzoptics:pt30x-sdi-xx-g2_firmware:6.3.30
-
cpe:2.3:o:ptzoptics:pteptz-ndi-zcam-g2_firmware:8.1.81
-
cpe:2.3:o:ptzoptics:pteptz-zcam-g2_firmware:-
-
cpe:2.3:o:ptzoptics:pteptz-zcam-g2_firmware:8.1.81
-
cpe:2.3:o:ptzoptics:ptvl-zcam_firmware:-
-
cpe:2.3:o:ptzoptics:ptvl-zcam_firmware:7.2.79
-
cpe:2.3:o:ptzoptics:vl_fixed_camera_firmware:7.2.94
-
cpe:2.3:o:smtav:ba12-n_firmware:-
-
cpe:2.3:o:smtav:ba12s_firmware:-
-
cpe:2.3:o:smtav:ba20-n_firmware:-
-
cpe:2.3:o:smtav:ba20s_firmware:-
-
cpe:2.3:o:smtav:ba30-n_firmware:-
-
cpe:2.3:o:smtav:ba30s_firmware:-
-
cpe:2.3:o:smtav:bv20s_firmware:-
-
cpe:2.3:o:smtav:bv30s_firmware:-
-
cpe:2.3:o:smtav:bx20n_firmware:-
-
cpe:2.3:o:smtav:bx20s-sh_firmware:-
-
cpe:2.3:o:smtav:bx20uhd-n_firmware:-
-
cpe:2.3:o:smtav:bx20uhd_firmware:-
-
cpe:2.3:o:smtav:bx30s_firmware:-
-
cpe:2.3:o:smtav:hd17h-n_firmware:-
-
cpe:2.3:o:smtav:hd17h_firmware:-
-
cpe:2.3:o:valuehd:v60xl_firmware:-
-
cpe:2.3:o:valuehd:v61w_firmware:-
-
cpe:2.3:o:valuehd:v63xl_firmware:-
-
cpe:2.3:o:valuehd:v71uvs_firmware:-
-
cpe:2.3:o:valuehd:vx60al_firmware:-
-
cpe:2.3:o:valuehd:vx60asl_firmware:-
-
cpe:2.3:o:valuehd:vx61al_firmware:-
-
cpe:2.3:o:valuehd:vx61asl_firmware:-
-
cpe:2.3:o:valuehd:vx61basl_firmware:-
-
cpe:2.3:o:valuehd:vx630al_firmware:-
-
cpe:2.3:o:valuehd:vx701ra_firmware:-
-
cpe:2.3:o:valuehd:vx701ta_firmware:-
-
cpe:2.3:o:valuehd:vx70uvs_firmware:-
-
cpe:2.3:o:valuehd:vx71uvs_firmware:-
-
cpe:2.3:o:valuehd:vx720l_firmware:-
-
cpe:2.3:o:valuehd:vx751ba_firmware:-
-
cpe:2.3:o:valuehd:vx752a_firmware:-
-
cpe:2.3:o:valuehd:vx752ag_firmware:-
-
cpe:2.3:o:valuehd:vx800i2_firmware:-
-
cpe:2.3:o:valuehd:vx90_firmware:-