CVE-2025-35452 | THREATINT

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-05 | Updated 2025-09-08 | Assigner cisa-cg

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-798 Use of Hard-coded Credentials

CWE-1392 Use of Default Credentials

Product status

Default status

unknown

Any version before 9.1.43

affected

9.1.43

unaffected

Default status

unknown

Any version before 0.0.63

affected

0.0.63

unaffected

Default status

unknown

Any version before 9.1.32

affected

9.1.32

unaffected

Default status

unknown

Any version before 0.0.89

affected

0.0.89

unaffected

Default status

unknown

Any version before 9.1.33

affected

9.1.33

unaffected

Default status

unknown

Any version before 2.0.71

affected

2.0.71

unaffected

Default status

unknown

Any version before 9.0.41

affected

9.0.41

unaffected

Default status

unknown

Any version before 8.1.90

affected

8.1.90

unaffected

Default status

unknown

Any version before 8.1.90

affected

8.1.90

unaffected

Default status

unknown

Any version before 6.3.70

affected

6.3.70

unaffected

Default status

unknown

Any version before 6.2.88

affected

6.2.88

unaffected

Default status

unknown

Any version before 6.3.27

affected

6.3.27

unaffected

Default status

unknown

affected

Default status

unknown

Any version before 6.3.43

affected

6.3.43

unaffected

Default status

unknown

affected

Default status

unknown

Any version before 7.2.94

affected

7.2.94

unaffected

Default status

unknown

Any version before 7.2.85

affected

7.2.85

unaffected

Default status

unknown

Any version before 7.2.94

affected

7.2.94

unaffected

Default status

unknown

Any version before 8.1.89

affected

8.1.89

unaffected

Default status

unknown

Any version before 8.2.14

affected

8.2.14

unaffected

Default status

unknown

Any version before 0.0.58

affected

0.0.58

unaffected

Default status

unknown

Any version before 0.0.85

affected

0.0.85

unaffected

Default status

unknown

Any version before 2.0.64

affected

2.0.64

unaffected

Default status

unknown

Any version before 6.2.81

affected

6.2.81

unaffected

Default status

unknown

affected

References

www.cisa.gov/news-events/ics-advisories/icsa-25-162-10 (url)

github.com/...p/csaf_files/OT/white/2025/icsa-25-162-10.json (url)

www.cve.org/CVERecord?id=CVE-2025-35452 (url)

www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/ (url)

www.greynoise.io/...ve-streaming-cameras-with-the-help-of-ai (url)

cve.org (CVE-2025-35452)

nvd.nist.gov (CVE-2025-35452)

Download JSON